Bugtraq: Re: Security Advisory for ALL forum services with client-set images

Nmap Security Scanner

Intro

Docs
Security Lists

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Security Advisory for ALL forum services with client-set images

From: Stefan Paletta <stefanp () cabal1 com>
Date: Thu, 23 Dec 2004 09:50:40 +0100

James Bandara wrote/schrieb/scripsit:

To block this I suggest you edit your service to only accept links thatend in image formats for images before the querystring.

That doesn't really help ─ the attacker can send a HTTP redirect from aninnocent-looking URL.


-Stefan
--
junior guru   SP666-RIPE     JID:stefanp () jabber de cw net    SMP () IRC

Current thread:

Security Advisory for ALL forum services with client-set images James Bandara (Dec 22)
- Re: Security Advisory for ALL forum services with client-set images Stefan Paletta (Dec 23)
- Re: Security Advisory for ALL forum services with client-set images Tim Jackson (Dec 23)