IE Vuln – IE Renders Plain Text Files as HTML
In any other browser, a file served as plain text is rendered as just that… plain text. This means that browsers such as Google Chrome, Firefox, and Opera will show you the contents of the text file without rendering any HTML it contains. Inside Internet Explorer, however, it is a totally different story.
Internet Explorer will actually render the HTML inside a plain text file as if the text file were a regular web page; this is demonstrated in the screenshots below.
As you can see, the text file displays as plain text in Google Chrome but is rendered as HTML in IE.
What does this mean?
Well, this means that by loading a plain text file inside IE, someone could be exposed to cross-site scripting, JavaScript exploits, Java exploits, essentially anything that would work inside a normal web page will also work inside a plain text file… and fuck, who the hell doesn’t trust a text file? It’s not harmful, right? LOL!
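The behaviour described above is MIME sniffing: IE inspects the leading bytes of a response and, if they look like markup, treats a `text/plain` body as HTML. The following is an added example, not code from the original post, showing the two checks a defender would want: a scanner that flags text bodies IE might promote to HTML, and a header audit for the `X-Content-Type-Options: nosniff` mitigation (honoured from IE8 onward) alongside an explicit charset. The 256-byte window follows Microsoft's published description of IE's sniffing; the tag list, the helper names and the sample body are constructed for illustration and are not IE's exact table.

```python
"""Added example (not from the original post): defensive checks for the
IE text/plain sniffing issue. Helper names, the tag subset and the sample
body below are constructed for illustration."""
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# IE's sniffer looks for HTML tags near the start of the body. The 256-byte
# window matches Microsoft's description; this tag list is a subset chosen
# for the example, not IE's exact table.
SNIFF_WINDOW = 256
HTML_MARKERS = re.compile(
    rb"<\s*(!doctype|html|head|body|script|iframe|img|a|div|p|table|title"
    rb"|meta|link|object|embed|form)\b",
    re.IGNORECASE,
)


def looks_like_html(data: bytes) -> bool:
    """True when the leading bytes contain HTML-style tags, i.e. content a
    sniffing browser might promote from text/plain to text/html. Use this
    when auditing user-uploaded .txt files or generated text responses."""
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None


def assess_headers(headers: dict) -> list:
    """Return findings for the response headers of a text/plain resource.
    An empty list means the response is declared unambiguously and opts
    out of content sniffing."""
    norm = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    ctype = norm.get("content-type", "")
    if not ctype:
        findings.append("missing Content-Type")
    elif not ctype.lower().startswith("text/plain"):
        findings.append("Content-Type is not text/plain: " + ctype)
    elif "charset=" not in ctype.lower():
        findings.append("text/plain without an explicit charset")
    if norm.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings


# Headers a hardened server should send for a text file.
SAFE_TEXT_HEADERS = {
    "Content-Type": "text/plain; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
}


class NoSniffTextHandler(BaseHTTPRequestHandler):
    """Serves a constructed sample text body with the hardening headers, so
    a browser that honours nosniff shows the markup as literal text."""
    BODY = b"<html><body><b>this is a text file</b></body></html>\n"  # constructed

    def do_GET(self):
        self.send_response(200)
        for name, value in SAFE_TEXT_HEADERS.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(self.BODY)))
        self.end_headers()
        self.wfile.write(self.BODY)


def run_server(port: int = 8000) -> None:
    """Start the demo server on localhost (blocks until interrupted)."""
    HTTPServer(("127.0.0.1", port), NoSniffTextHandler).serve_forever()


if __name__ == "__main__":
    print("sample body looks like HTML:", looks_like_html(NoSniffTextHandler.BODY))
    print("findings for safe headers:", assess_headers(SAFE_TEXT_HEADERS))
    run_server()
```

Running the script starts a local server on port 8000 whose single response carries both headers; point a sniffing browser at it to confirm the markup is shown literally, and drop the `X-Content-Type-Options` header to reproduce the rendering the post describes. `assess_headers` is also handy for walking a site's existing `.txt` responses and listing which ones lack the opt-out.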
**Update: Proof of Concept**
Since writing this article last night, it has come to my attention that this does not always affect IE10, but it definitely affects IE8 without fail. This may be due to built-in XSS detection, and IE10 may still be affected when that is turned off.
Try it out in the different versions of IE and let’s see what we can find out; leave your experience in a comment below.