Message-ID: <503957.40740.qm@web34314.mail.mud.yahoo.com>
Date: Thu, 4 Jan 2007 09:18:18 -0800 (PST)
From: Rude Yak <rudeyak@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

RSnake wrote: 
> No, that is incorrect.  This is not visible by the application because
> anchor tags are not sent to the webserver.  This is completely invisible
> to web application firewalls.  Btw, a user on http://sla.ckers.org/ made
> this recommendation for fixing your own browsers:
> 
> Firefox->Tools->Options->Content->Manage->change PDF action to "Save to
> disk".

YMMV, but for Apache-based servers, one of the two methods below -may- do the
trick (no guarantees that it won't break your app in the process):

# mod_rewrite prevention vs. DOM attacks on static content
# THE_REQUEST is the raw request line ("GET /a.pdf HTTP/1.1"); a #fragment is
# never part of it.  The character class also excludes whitespace, because the
# space before "HTTP/1.x" would otherwise satisfy it on every plain static
# request and the self-redirect below would loop.  Both extension lists are
# kept identical so the condition and the rule fire on the same requests.
RewriteEngine On
RewriteCond %{THE_REQUEST} \.(img|jpg|pdf|css|js)[^A-Za-z0-9._?&%\s-]
RewriteRule ^(.*\.(img|jpg|pdf|css|js)) $1 [R,L]

# mod_security 2.0 prevention vs. DOM attacks on static content
# REQUEST_URI_RAW is a plain variable (no ":selector"), is available in
# phase 1, and the msg text must stay on a single line.
SecRule REQUEST_URI_RAW "\.(img|jpg|pdf|css|js)[^A-Za-z0-9._?&%-]" \
    "phase:1,deny,log,status:501,id:955001,severity:2,msg:'DOM attack on static content'"

Erick.
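An added check, not part of Erick's post: it emulates how Apache matches %{THE_REQUEST} by trying the RewriteCond pattern in Python, comparing the character class as posted with a variant that also excludes whitespace, and shows that a #fragment never appears in the request line at all. The sample paths are constructed placeholders.

```python
"""Offline check of the RewriteCond pattern against sample request lines.

Added example, not part of the original post.  Apache matches
%{THE_REQUEST} against the raw request line, e.g. "GET /a.pdf HTTP/1.1";
the same PCRE-style pattern is tried here with Python's re module.
"""
import re

# The class as posted (leading .* dropped; search() is unanchored anyway), and
# a constructed variant that also excludes whitespace so the space before
# "HTTP/1.1" cannot satisfy it.
AS_POSTED = re.compile(r"\.(img|jpg|pdf|css|js)[^A-Za-z0-9._?&%-]")
NO_WHITESPACE = re.compile(r"\.(img|jpg|pdf|css|js)[^A-Za-z0-9._?&%\s-]")


def request_line(target: str, method: str = "GET", version: str = "HTTP/1.1") -> str:
    """Build the request line a browser would send for `target`.

    The #fragment is client-side only and is dropped before the request
    leaves the browser, which is why neither pattern can ever see it.
    """
    return f"{method} {target.split('#', 1)[0]} {version}"


def condition_fires(pattern: re.Pattern, target: str) -> bool:
    """True if the RewriteCond would match for a request to `target`."""
    return pattern.search(request_line(target)) is not None


# Constructed sample targets (placeholder paths, no real site).
SAMPLES = (
    "/docs/report.pdf",            # plain static request
    "/docs/report.pdf?v=2",        # query string after the extension
    "/docs/report.pdf/trailing",   # junk path segment after the extension
    "/docs/report.pdf#fragment",   # fragment: never reaches the server
)


def evaluate(pattern: re.Pattern) -> dict:
    """Map each sample target to whether the condition fires for it."""
    return {t: condition_fires(pattern, t) for t in SAMPLES}


if __name__ == "__main__":
    for name, pat in (("as posted", AS_POSTED), ("no whitespace", NO_WHITESPACE)):
        print(name)
        for target, fires in evaluate(pat).items():
            print(f"  {request_line(target)!r:40} {'fires' if fires else 'no match'}")
```

The class as posted fires on a bare /docs/report.pdf because the space before HTTP/1.1 lies outside the allowed set, which is what turns the self-redirect into a loop; neither class ever sees the fragment.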
