Full Disclosure mailing list archives

Re: Backdooring Image Files - security notice


From: "HASEGAWA Yosuke " <yosuke.hasegawa () gmail com>
Date: Tue, 19 Dec 2006 11:41:58 +0900

Hi.

On 12/15/06, pdp (architect) <pdp.gnucitizen () googlemail com> wrote:
> I will be brief. There is a rather lame/concerning technique, most of
> you know about, that allows JavaScript to be executed upon visiting an
> image file. This issue is not due to some browser error, although
> clearly IE has some issues with it, but it is due to web applications
> not sanitizing user supplied content in a form of links.

On a Windows server, the FindMimeFromData function, which IE uses to
determine what kind of file type it is, can be used on the server side.
http://msdn.microsoft.com/workshop/networking/moniker/reference/functions/findmimefromdata.asp

Of course, the results on the browser side and the server side may not
match.

Or, adding "Content-Disposition: attachment" to the response header
can be used to prevent scripts from executing directly in the browser.

-- 
HASEGAWA Yosuke
    yosuke.hasegawa () gmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
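One way to apply both server-side mitigations from the message above, as an added Python example that is not part of this thread: a hand-rolled magic-byte table stands in for FindMimeFromData (a Windows-only API), the detected type is compared with the declared one, files carrying markup near the start (which a sniffing browser could render as HTML) are rejected, and accepted files are served with Content-Disposition: attachment. The signature table, the markup pattern and the sample bytes are constructed for illustration.

```python
import re

# Constructed magic-byte table for common image types; it only imitates the
# purpose of FindMimeFromData and is not that API.
IMAGE_SIGNATURES = {
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

# Constructed, non-exhaustive list of tags a content-sniffing browser may
# treat as HTML when they appear early in the body.
HTML_MARKERS = re.compile(rb"<(?:script|html|body|iframe|!doctype)", re.IGNORECASE)


def detect_image_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for magic, mime in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def looks_like_markup(data: bytes, window: int = 512) -> bool:
    """True if the first `window` bytes contain something a sniffer may take for HTML."""
    return HTML_MARKERS.search(data[:window]) is not None


def response_headers_for_upload(data: bytes, declared_mime: str, filename: str):
    """Decide how an uploaded 'image' should be served.

    Returns (status, headers). The file is rejected (415, no headers) when the
    leading bytes are not a known image signature, when server-side detection
    disagrees with the declared type, or when markup sits where a browser's
    sniffer would see it. Accepted files get Content-Disposition: attachment
    so the browser downloads them instead of rendering them.
    """
    detected = detect_image_type(data)
    if detected is None or detected != declared_mime or looks_like_markup(data):
        return 415, {}
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)  # strip header-unsafe characters
    headers = {
        "Content-Type": detected,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }
    return 200, headers
```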
