Full Disclosure mailing list archives

Re: Backdooring Image Files - security notice
From: "HASEGAWA Yosuke " <yosuke.hasegawa () gmail com>
Date: Tue, 19 Dec 2006 11:41:58 +0900

Hi.

On 12/15/06, pdp (architect) <pdp.gnucitizen () googlemail com> wrote:
> I will be brief. There is a rather lame/concerning technique, most of
> you know about, that allows JavaScript to be executed upon visiting an
> image file. This issue is not due to some browser error, although
> clearly IE has some issues with it, but it is due to web applications
> not sanitizing user supplied content in a form of links.

On a Windows server, the FindMimeFromData function can be used on the
server side to know what kind of file type IE determines it to be.
http://msdn.microsoft.com/workshop/networking/moniker/reference/functions/findmimefromdata.asp

Of course, the result may be mismatched between the browser and the
server side.

Or, adding "Content-Disposition: attachment" to the response header
can be used to prevent the script from executing directly in the browser.

-- 
HASEGAWA Yosuke
    yosuke.hasegawa () gmail com
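
The two mitigations suggested in this message, as an added Python example that is not part of the original post: a server-side check of the leading bytes a browser might sniff, and a forced "Content-Disposition: attachment" response header. The function names, the 256-byte window, the token list and the sample byte strings are assumptions for illustration and do not reproduce FindMimeFromData's actual algorithm.

```python
import re

# Assumption: how many leading bytes to inspect; not taken from the post.
SNIFF_WINDOW = 256

# Magic numbers for the image types this hypothetical upload handler accepts.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Illustrative markup tokens only; NOT the browser's real sniffing list.
HTML_HINT = re.compile(
    rb"<\s*(html|head|body|script|iframe|img|title|plaintext|a\s)", re.I
)

def classify_upload(data: bytes, declared_type: str) -> str:
    """Return 'ok', 'bad-magic' or 'html-in-header' for an uploaded image."""
    magics = IMAGE_MAGIC.get(declared_type)
    if magics is None or not data.startswith(magics):
        return "bad-magic"
    # A valid image signature followed by markup is the mismatch case:
    # the server sees an image, a content-sniffing browser may see HTML.
    if HTML_HINT.search(data[:SNIFF_WINDOW]):
        return "html-in-header"
    return "ok"

def response_headers(filename: str, declared_type: str, verdict: str) -> list:
    """Headers for serving a stored upload back to other users."""
    # Keep the header value free of quotes, separators and control bytes.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    ctype = declared_type if verdict == "ok" else "application/octet-stream"
    return [
        ("Content-Type", ctype),
        # Forces a download prompt instead of rendering in the page origin.
        ("Content-Disposition", f'attachment; filename="{safe_name}"'),
    ]

# Constructed sample inputs (not real files).
CLEAN_GIF = b"GIF89a" + bytes(32)
MIXED_GIF = b"GIF89a" + bytes(7) + b"<script>/* constructed marker */</script>"

if __name__ == "__main__":
    for name, blob in (("clean.gif", CLEAN_GIF), ("mixed.gif", MIXED_GIF)):
        verdict = classify_upload(blob, "image/gif")
        print(name, verdict, response_headers(name, "image/gif", verdict))
```

Because the server-side result and the browser's own detection can disagree, the attachment header is set for every verdict rather than only for flagged files.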
