WebApp Sec mailing list archives
Re: BBCode [IMG] [/IMG] Tag Vulnerability
From: Zak McGregor <zak () mighty co za>
Date: Wed, 24 Aug 2005 02:33:35 +0200
On Tue, 23 Aug 2005 09:20:03 -0500 "Tony Stahler" <TStahler () tempographics com> wrote:
You'd probably be better off just deciding which image file types you consider safe for users... i.e. you probably don't want to allow flash... and only allow images with those extensions. Making sure images are safe isn't really your responsibility, it's the responsibility of the image standard, and the browser displaying the information.
IMHO the correct way to do this is to make an HTTP HEAD request to the URL given as the image location, parsing the response for Content-Type headers and using that as a guide for image type. Using the file extension of the supplied URL is asking for potential issues. Even getting the Content-Type header from the remote server is not foolproof - it could be set to change content type and actual content once the expected check has been performed.

Ciao

Zak
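The HEAD-based check Zak describes, written out as an added example (not code from the list or from any of the posters). It assumes an allowlist of png/jpeg/gif, restricts the probe to http/https URLs, and takes an injectable `opener` so the request can be faked offline; the media type is compared case-insensitively with any `; charset=...` parameters ignored. As the post itself notes, the remote server can still serve different content later, so this is a first filter, not proof of what the browser will receive.

```python
"""HEAD-based image type check for user-supplied [IMG] URLs (added example)."""
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Image types the board chooses to allow (assumed allowlist); anything else is rejected.
ALLOWED_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif"}
# Only web URLs are probed; file:, ftp: and the like are refused outright.
ALLOWED_SCHEMES = {"http", "https"}


def content_type_allowed(header_value, allowed=ALLOWED_IMAGE_TYPES):
    """Decide from the media type of a Content-Type header value only.

    Parameters such as '; charset=binary' and case differences are ignored,
    so 'IMAGE/PNG; charset=binary' and 'image/png' are treated alike.
    A missing or empty header is treated as not allowed.
    """
    if not header_value:
        return False
    media_type = header_value.split(";", 1)[0].strip().lower()
    return media_type in allowed


def head_content_type(url, timeout=5.0, opener=None):
    """Issue an HTTP HEAD to `url` and return its Content-Type value, or None.

    `opener` is any object with an `open(request, timeout=...)` method; by
    default a real urllib opener is used (it follows redirects, so the final
    response's header is what gets checked). Network or URL errors yield None.
    """
    if urlparse(url).scheme.lower() not in ALLOWED_SCHEMES:
        return None
    opener = opener or urllib.request.build_opener()
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.headers.get("Content-Type")
    except (urllib.error.URLError, OSError, ValueError):
        return None


def img_url_allowed(url, opener=None):
    """True only if a HEAD against `url` reports an allowed image media type."""
    return content_type_allowed(head_content_type(url, opener=opener))
```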