IE Vuln – IE Renders Plain Text Files as HTML

  • Author:xnite
  • Date:2012/10/06

While pentesting some of the new updates on my pet project, Logsmurf.com, Pythorian ran across an odd IE vulnerability involving the way it renders plain text files.

In any other browser, plain text is rendered as just that… plain text. This means that browsers such as Google Chrome, Firefox, and Opera will show you the contents of the text file, without rendering the HTML. However inside of Internet Explorer, there is a totally different story.

Internet explorer will actually render the HTML inside of a plain text file, as if the text file were a regular web page, this is demonstrated in the screenshots below.

[nggallery id=16]

As you can see, the text file only displays as plain text in Google Chrome, however is rendered in IE.

What does this mean?

Well, this means that by loading a plain text file inside of IE, someone could be vulnerable to cross site scripting, java script exploits, java exploits, essentially anything that would work inside of a normal web page will also work inside of a plain text file… and fuck, who the hell doesn’t trust a text file, its not harmful right? LOL!

**Update: Proof of Concept

** So, heres the good stuff. By using Pastebin’s “View Raw Paste”, a plain text file is displayed, which in IE triggers HTML & Javascript to render. The following pastebin Link inside of IE should show you a nice little pop up message which says “Hi!”.

http://pastebin.com/raw.php?i=94zDf9PG

**Update: IE9/IE10?

** Since writing this article last night, it has come to my attention that this does not always effect IE10, but definitely effects IE8 without fail. This may be due to built in XSS detections, and while turned off may still be effected.

Try it out in the different versions of IE, and lets see what we can find out, leave your experience in a comment below.

Robert Whitney
I'm a geek, gamer and breaker of things.
Opinions expressed here, even 💩 ones, are my own and do not represent those of my employer or associates.
Referral Links

Using my referral links is the best way to help me pay for my projects and development servers and get something out of it for yourself.

Copyright©2011 - 2018, Robert Whitney; All rights reserved.
Aeon Address: WmtnQAoEJsfbcjyMJLmfW8SJ3j5VCGGjX4k3hHrc4XbhVcz6dxifHs65h2w3y5gq8Qf4D4tgzb6VxEtggSq5hR8s1CzN1cLeK