Bugtraq mailing list archives
Re: Security Advisory for ALL forum services with client-set images
From: Stefan Paletta <stefanp () cabal1 com>
Date: Thu, 23 Dec 2004 09:50:40 +0100
James Bandara wrote/schrieb/scripsit:
To block this I suggest you edit your service to only accept links that end in image formats for images before the querystring.
That doesn't really help ─ the attacker can send a HTTP redirect from an innocent-looking URL.
-Stefan -- junior guru SP666-RIPE JID:stefanp () jabber de cw net SMP@IRC
Current thread:
- Security Advisory for ALL forum services with client-set images James Bandara (Dec 22)
- Re: Security Advisory for ALL forum services with client-set images Stefan Paletta (Dec 23)
- Re: Security Advisory for ALL forum services with client-set images Tim Jackson (Dec 23)