Message-ID: <26563eca0604110839q4a25e6a2vd80216d7ca609739@mail.gmail.com>
Date: Tue Apr 11 16:39:43 2006
From: dbounds at gmail.com (Darren Bounds)
Subject: Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw

Steve,

If a web-based application is relying on Content-Disposition to
separate itself from the HTML file download, the application scope
will be exposed and open to attack. All the attacker needs is for the
victim to select "Open" at the File Download dialog (very common) and
the XSS attack will deliver its payload (steal cookies, steal
application content, display a username/password dialog, redirect to
goatse.cx, etc).

Get it?

Thank you,
Darren Bounds

On 4/11/06, Steven Rakick <stevenrakick@...oo.com> wrote:
> I don't see how this is a security issue...
>
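
An added example, not part of the original message or thread: a header audit for responses that serve untrusted files, flagging the case described above where `Content-Disposition: attachment` is the only barrier between the file and the application's origin. It assumes the later-introduced `X-Download-Options: noopen`, `X-Content-Type-Options: nosniff` and CSP `sandbox` headers as compensating controls; the sample responses and finding names are constructed.

```python
from email.message import Message

# Content types a browser can render as active content in the serving origin.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

def _parse(raw_headers):
    """Parse 'Name: value' lines into a case-insensitive header map."""
    msg = Message()
    for line in raw_headers.strip().splitlines():
        name, _, value = line.partition(":")
        msg[name.strip()] = value.strip()
    return msg

def audit_download(raw_headers):
    """Return a list of findings for a response that serves an untrusted file."""
    h = _parse(raw_headers)
    findings = []
    if h.get_content_disposition() != "attachment":
        findings.append("no-attachment-disposition")
    if h.get_content_type() in ACTIVE_TYPES:
        # If the user picks "Open", this type can execute script.
        findings.append("active-content-type")
    if h.get("X-Download-Options", "").lower() != "noopen":
        findings.append("open-allowed")
    if h.get("X-Content-Type-Options", "").lower() != "nosniff":
        findings.append("sniffing-allowed")
    csp = h.get("Content-Security-Policy", "")
    directives = [d.split()[0].lower() for d in csp.split(";") if d.strip()]
    if "sandbox" not in directives:
        findings.append("no-sandbox")
    return findings

# Constructed sample: the application relies on Content-Disposition alone.
WEAK = """
Content-Type: text/html
Content-Disposition: attachment; filename="report.html"
"""

# Constructed sample: the same download with compensating headers.
HARDENED = """
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.html"
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Content-Security-Policy: sandbox
"""

if __name__ == "__main__":
    print(audit_download(WEAK))
    print(audit_download(HARDENED))
```

Serving untrusted files from a separate origin that holds no application cookies removes the dependency on these headers entirely.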