Full Disclosure mailing list archives
Re: Backdooring Image Files - security notice
From: "HASEGAWA Yosuke " <yosuke.hasegawa () gmail com>
Date: Tue, 19 Dec 2006 11:41:58 +0900
Hi. On 12/15/06, pdp (architect) <pdp.gnucitizen () googlemail com> wrote:
> I will be brief. There is a rather lame/concerning technique, most of you know about, that allows JavaScript to be executed upon visiting an image file. This issue is not due to some browser error, although clearly IE has some issues with it, but it is due to web applications not sanitizing user supplied content in a form of links.
On a Windows server, the FindMimeFromData function, which IE uses to determine what kind of file it is, can be used to determine the type on the server side.
http://msdn.microsoft.com/workshop/networking/moniker/reference/functions/findmimefromdata.asp
Of course, the result may mismatch between the browser and the server side.
Or, adding "Content-Disposition: attachment" to the response header can be used to prevent executing script in the browser directly.

-- 
HASEGAWA Yosuke
yosuke.hasegawa () gmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
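The two mitigations in the reply above, as an added example that is not part of the original posting and not Windows-specific: an upload gate that decides the file's real type from its bytes on the server (the role FindMimeFromData plays for IE), rejects an image whose first bytes also carry HTML markup a sniffing browser could latch onto, and serves accepted files with "Content-Disposition: attachment". The 256-byte window, the marker list and the image signatures are assumptions modelled on IE's documented sniffing, not a copy of urlmon.dll; the sample files are constructed.

```python
import re

# Magic numbers for the image formats this hypothetical upload handler accepts.
IMAGE_SIGNATURES = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/bmp": (b"BM",),
}

# Assumption: IE sniffs roughly the first 256 bytes and treats these tags as
# evidence of HTML. The real list in urlmon.dll is longer; this is a subset.
SNIFF_WINDOW = 256
HTML_MARKERS = re.compile(
    rb"<\s*(?:html|head|body|script|title|iframe|object|a|img|font|table|div|pre|plaintext)\b"
    rb"|<!--",
    re.IGNORECASE,
)


def sniff_image_type(data: bytes):
    """Return the MIME type whose magic number the data starts with, or None."""
    for mime, sigs in IMAGE_SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return mime
    return None


def looks_like_html(data: bytes) -> bool:
    """True if the sniff window contains markup a browser might render as HTML."""
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None


def classify_upload(data: bytes, claimed_type: str):
    """Server-side decision: (accepted, reason). The client's claim is checked,
    never trusted, and a valid image header does not excuse embedded HTML."""
    real = sniff_image_type(data)
    if real is None:
        return False, "no known image signature"
    if real != claimed_type:
        return False, f"claimed {claimed_type} but bytes say {real}"
    if looks_like_html(data):
        return False, "image header followed by HTML markup in the sniff window"
    return True, real


def response_headers(mime: str, filename: str):
    """Headers for serving a stored upload: explicit type plus attachment
    disposition so the browser offers a download instead of rendering inline."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)  # keep the header value simple
    return [
        ("Content-Type", mime),
        ("Content-Disposition", f'attachment; filename="{safe}"'),
    ]


# Constructed samples: a minimal 1x1 GIF, the same GIF with HTML appended
# (the backdooring technique under discussion), and a bare HTML file.
CLEAN_GIF = (
    b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00\x00\x00\xff\xff\xff"
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b"
)
BACKDOORED_GIF = CLEAN_GIF + b"<html><body><script>alert(1)</script></body></html>"
PLAIN_HTML = b"<html><script>alert(1)</script></html>"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("backdoored", BACKDOORED_GIF), ("html", PLAIN_HTML)):
        print(name, classify_upload(blob, "image/gif"))
    print(response_headers("image/gif", "avatar.gif"))
```

The HTML check errs toward rejecting a legitimate image whose binary data happens to contain a tag-like byte sequence; that is the safe direction for user-supplied content. The attachment header is the fallback for the case the reply notes, where the server's verdict and the browser's sniffer disagree.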
Current thread:
- Backdooring Image Files - security notice pdp (architect) (Dec 15)
- Re: Backdooring Image Files - security notice HASEGAWA Yosuke (Dec 18)