Cross Site Scripting exploitation via malformed files
From: Jerome ATHIAS <jerome.athias () free fr>
Date: 21 Feb 2005 16:25:04 -0000
It was publicly released on different forums (http://cyruxnet.org/foro/viewtopic.php?t=559); multiple webmail systems
and websites are vulnerable to Cross Site Scripting via a malformed file.
A basic PoC:
Build a text file (ie: photo.txt)
then rename the file with the .jpg extension (photo.jpg), and send the renamed file as an attachment by mail to the
It was verified under IE - XP SP2
So it opens a door for viruses...
Regards and greetings to: ZaBoo, whitehat.co.il, Class101, Mandragore
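
An added example, not part of the original post: one way a webmail or upload handler can refuse to render a renamed text file such as photo.jpg inline, by comparing the file's leading bytes with the image type its extension claims. The helper names, the header policy and the sample bytes are assumptions made for this sketch.

```python
import os

# Leading signature bytes for image types a viewer might render inline.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MIME = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
        ".png": "image/png", ".gif": "image/gif"}

# Constructed sample inputs (not taken from the post).
RENAMED_TEXT = b"<html><body>constructed sample text</body></html>"
REAL_JPEG_START = b"\xff\xd8\xff\xe0" + b"\x00" * 16


def content_matches_extension(filename: str, data: bytes) -> bool:
    """True only if the bytes start with a signature for the claimed type.
    A match is a necessary check, not proof the file is a valid image."""
    ext = os.path.splitext(filename)[1].lower()
    return any(data.startswith(sig) for sig in MAGIC.get(ext, ()))


def response_headers(filename: str, data: bytes) -> dict:
    """Hypothetical helper: headers for serving an attachment."""
    ext = os.path.splitext(filename)[1].lower()
    # Drop characters that could break out of the quoted filename.
    name = os.path.basename(filename)
    name = "".join(c for c in name if c not in '"\r\n')
    # nosniff tells current browsers not to guess a type from the content.
    headers = {"X-Content-Type-Options": "nosniff"}
    if content_matches_extension(filename, data):
        headers["Content-Type"] = MIME[ext]
        headers["Content-Disposition"] = f'inline; filename="{name}"'
    else:
        # Mismatch: force a download instead of rendering in the browser.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{name}"'
    return headers


if __name__ == "__main__":
    print(response_headers("photo.jpg", RENAMED_TEXT))
    print(response_headers("photo.jpg", REAL_JPEG_START))
```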