Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Security Advisory for ALL forum services with client-set images
From: Stefan Paletta <stefanp () cabal1 com>
Date: Thu, 23 Dec 2004 09:50:40 +0100

James Bandara wrote/schrieb/scripsit:
To block this I suggest you edit your service to only accept links that end in image formats for images before the querystring.

That doesn't really help ─ the attacker can send a HTTP redirect from an innocent-looking URL.

junior guru   SP666-RIPE     JID:stefanp () jabber de cw net    SMP () IRC

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]