WebApp Sec mailing list archives

Re: Is this exploitable?..


From: Peter Conrad <conrad () tivano de>
Date: Fri, 17 Dec 2004 09:09:19 +0100

Hi,

On Thu, Dec 16, 2004 at 12:14:11PM -0800, Benjamin Livshits wrote:
> What worries me is a scenario in which parts of the HTTP request are
> somehow malicious. I.e. as is the case for XSS, if responseString is set
> to contain some user-supplied JavaScript, it may lead to problems if
> printed back to the browser verbatim.

that's why

resp.setContentType("message/http");

Standard-conforming browsers will not interpret JavaScript (or other active
content) inside "message/http" bodies.

Of course, certain broken browsers ignore the ContentType header and
instead try to guess what the content type "really" is. That's a browser
bug, though, and even if it was exploitable you couldn't blame it on
the server.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg
Germany
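To make the scenario concrete, here is an added example (not Peter's or Benjamin's code) of a servlet that echoes the incoming request back to the client exactly as discussed: the request line and headers are copied verbatim, so the only thing keeping a browser from rendering attacker-supplied markup is the "message/http" content type set up front. The class name is invented and it assumes the Servlet 3.0 API (generic Enumeration<String>).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletRequest;

// Hypothetical echo servlet: returns the client's own request as an
// RFC 2616 "message/http" body, the way the thread's responseString does.
public class EchoRequestServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Label the body as a raw HTTP message, not as a document to render.
        // A standard-conforming browser will display it, not execute it.
        resp.setContentType("message/http");
        resp.setCharacterEncoding("ISO-8859-1");
        PrintWriter out = resp.getWriter();

        // Request line, e.g. "GET /echo?q=<script>... HTTP/1.1"
        out.print(req.getMethod() + " " + req.getRequestURI());
        if (req.getQueryString() != null) {
            out.print("?" + req.getQueryString());
        }
        out.print(" " + req.getProtocol() + "\r\n");

        // Header block copied unmodified. Nothing here is escaped, which is
        // why the content type above, not output encoding, is doing the work.
        Enumeration<String> names = req.getHeaderNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            Enumeration<String> values = req.getHeaders(name);
            while (values.hasMoreElements()) {
                out.print(name + ": " + values.nextElement() + "\r\n");
            }
        }
        out.print("\r\n"); // empty line terminating the echoed header block
        out.flush();
    }
}
```

Viewed through a browser that honours Content-Type the response appears as plain text; a browser that sniffs the body instead is the case Peter describes as a client-side bug.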
