Stealing Computer Names In Firefox And MSIE.
Published on: 1194806699
Firefox and Internet Explorer allow me to read out your computer name and the path of the file you are uploading. Normally a page isn't allowed to figure out where the uploaded file is stored on your PC, for an obvious reason: once I can figure out your PC name, I can pinpoint files on your PC. It's too hard to guess your computer name, so we are going to do this by stealing focus on an upload field through the "onclick" event. The page then sets a cookie with the full path of the file to be uploaded to a server.
Then the cookie gets echoed back reading something like:
C:\Documents and Settings\[computer name]\My Documents\My Pictures\[image].jpg
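The defensive counterpart, as an added example that is not the original post's PoC: a JavaScript check that detects when a client-supplied file name (a file-input value or a multipart `filename` parameter) carries a full path like the one above, and reduces it to a base name before it is stored, logged or echoed. The function names, the handling of the `C:\fakepath\` placeholder that the HTML specification later introduced for file-input values, and the sample values are assumptions of this example.

```javascript
// Added example (not from the original post). All sample values are constructed.

const FAKEPATH = /^c:\\fakepath\\/i;      // HTML-spec placeholder prefix
const WIN_ABS = /^(?:[a-z]:\\|\\\\)/i;    // drive letter or UNC path
const POSIX_ABS = /^\//;
// Profile directory: the "[computer name]" slot in the article's example path.
const PROFILE = /^[a-z]:\\(?:documents and settings|users)\\([^\\]+)\\/i;

// Classify a client-supplied file name and report what it discloses.
function inspectClientFilename(raw) {
  const value = String(raw);
  const baseName = value.split(/[\\/]/).pop();
  if (FAKEPATH.test(value)) {
    // Browser already masked the real directory; nothing is disclosed.
    return { leaksPath: false, profileDir: null, baseName };
  }
  const leaksPath = WIN_ABS.test(value) || POSIX_ABS.test(value);
  const m = PROFILE.exec(value);
  return { leaksPath, profileDir: m ? m[1] : null, baseName };
}

// Server-side use: keep only the base name, never the client path.
function sanitizeUploadName(raw) {
  const { baseName } = inspectClientFilename(raw);
  // Drop control characters; refuse empty or dot-only names.
  const cleaned = baseName.replace(/[\x00-\x1f\x7f]/g, "").trim();
  return /^\.*$/.test(cleaned) ? "upload.bin" : cleaned;
}

// Constructed inputs: a leaking legacy value, a masked value, a bare name.
const samples = [
  "C:\\Documents and Settings\\alice\\My Documents\\My Pictures\\cat.jpg",
  "C:\\fakepath\\cat.jpg",
  "cat.jpg",
];
for (const s of samples) {
  const r = inspectClientFilename(s);
  console.log(`${r.leaksPath ? "LEAK" : "ok  "} ${sanitizeUploadName(s)} <- ${s}`);
}
```

A `LEAK` result in server logs or in a browser regression test means the client is disclosing its local directory layout; only the sanitized base name should ever reach a cookie, a response body or storage.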
pOc: