Bugtraq mailing list archives
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: Amit Klein <aksecurity () gmail com>
Date: Thu, 04 Jan 2007 00:24:34 +0200
pdp (architect) wrote:
> Amit, this is a very interesting solution and it will probably work in most cases. However, if the attacker is able to upload PDF documents, he/she can craft one that will produce the desired result as soon as it gets opened by the user. This can be achieved by setting the PDF file to redirect.

I agree. I was thinking about a solution to the fragment problem, which is the topic of the thread (and a much more widespread situation than PDF upload).
-Amit