[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6170a5450510251500i6d9d4952xf5968ebefda8b8f@mail.gmail.com>
Date: Tue, 25 Oct 2005 17:00:32 -0500
From: Tatercrispies <tatercrispies@...il.com>
To: Paul Laudanski <zx@...tlecops.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
webappsec@...urityfocus.com
Subject: Re: phpBB 2.0.17 (and other BB systems as well)
Cookie disclosure exploit.
On 10/25/05, Paul Laudanski <zx@...tlecops.com> wrote:
>
>
> If sites want to stay online that make use of dynamic content to some
> extent the onus is on them to do proper input validation. There are PHP
> functions which permit for checking. But again, they work well when
> checking local images.
>
Both Opera and Firefox respect the content-type HTTP header. IE stands alone
as the major browser that attempts to second-guess things and render an
image file as HTML. I believe this is firmly an error in the browser. While
we could try to mitigate the issue at the web application level, but given
how enormously wide-spread this problem is, in my opinion, it seems more
reasonable and direct to fix it at the source of the problem.
What's to say that these validation functions work well enough. Are there
pure PHP/ASP scripts can can accomplish this task for major image types. I
mean scripts that run without the use of external modules. I would love to
see them. By what criteria does Explorer decide that it's not going to
render an image as an image?
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists