Full Disclosure mailing list archives
Re: Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw
From: "Darren Bounds" <dbounds () gmail com>
Date: Tue, 11 Apr 2006 11:39:34 -0400
Steve,

If a web-based application is relying on Content-Disposition to separate itself from the HTML file download, the application scope will be exposed and open to attack.

All the attacker needs is for the victim to select "Open" at the File Download dialog (very common) and the XSS attack will deliver its payload (steal cookies, steal application content, display a username/password dialog, redirect to goatse.cx, etc).

Get it?

Thank you,
Darren Bounds

On 4/11/06, Steven Rakick <stevenrakick () yahoo com> wrote:
I don't see how this is a security issue...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
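An added example, not part of the original message or thread: a Python check that audits a download response for the condition described in the reply above, where active content is served from the application's own origin and Content-Disposition is the only separation. The URLs, header sets and finding names are constructed; `X-Download-Options: noopen` and `X-Content-Type-Options: nosniff` are later browser headers not mentioned in the thread, and the filename-extension heuristic is an assumption.

```python
import re
from urllib.parse import urlsplit

# Types and extensions a browser may render as script-capable content.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
ACTIVE_EXTS = (".htm", ".html", ".xhtml", ".svg")   # heuristic (assumption)
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) origin of a URL."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))

def audit_download(app_url, download_url, headers):
    """Return finding codes for one download response; [] means none."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    disp = h.get("content-disposition", "")
    is_attachment = disp.split(";")[0].strip().lower() == "attachment"
    m = re.search(r'filename\s*=\s*"?([^";]+)', disp, re.I)
    name = m.group(1).strip().lower() if m else ""
    active = ctype in ACTIVE_TYPES or name.endswith(ACTIVE_EXTS)
    # Only script-capable content in the application's own origin is at issue.
    if not active or origin(app_url) != origin(download_url):
        return []
    findings = ["same-origin-active-content"]
    if not is_attachment:
        findings.append("rendered-inline")
    elif h.get("x-download-options", "").strip().lower() != "noopen":
        # The download dialog still offers "Open" in the site's context.
        findings.append("attachment-without-noopen")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("no-nosniff")
    return findings

# Constructed sample responses.
APP = "https://app.example/"
WEAK = {"Content-Type": "text/html",
        "Content-Disposition": 'attachment; filename="report.html"'}
HARDENED = {"Content-Type": "application/octet-stream",
            "Content-Disposition": 'attachment; filename="notes.HTM"',
            "X-Download-Options": "noopen",
            "X-Content-Type-Options": "nosniff"}

if __name__ == "__main__":
    print(audit_download(APP, "https://app.example/files/42", WEAK))
    print(audit_download(APP, "https://app.example/files/43", HARDENED))
    print(audit_download(APP, "https://usercontent.example/files/42", WEAK))
```

The hardened same-origin response still reports `same-origin-active-content`; only the response served from a separate origin comes back with no findings.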
Current thread:
- Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw Darren Bounds (Apr 10)
- Re: Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw Darren Bounds (Apr 11)
- <Possible follow-ups>
- Re: Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw Steven Rakick (Apr 11)
- Re: Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw Darren Bounds (Apr 11)