Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-2455. PoCs published by Mark Pilgrim.
AI-analyzed exploit summary The writeup describes multiple information disclosure vulnerabilities in Greasemonkey due to insecure JavaScript functions like 'GM_xmlhttpRequest()', 'GM_setValue()', and 'GM_scripts()'. These issues allow remote attackers to retrieve arbitrary files, directory listings, and private Greasemonkey data structures.
Description
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
Exploits (1)
The writeup describes multiple information disclosure vulnerabilities in Greasemonkey due to insecure JavaScript functions like 'GM_xmlhttpRequest()', 'GM_setValue()', and 'GM_scripts()'. These issues allow remote attackers to retrieve arbitrary files, directory listings, and private Greasemonkey data structures.