Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: www.google.com xss vulnerability Using mhtml
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 26 Jan 2011 21:43:28 -0800

1.www.google.com app don't filter the CRLF

This is not strictly required; there are other scenarios where this
vulnerability is exploitable.

2.IE support mhtml protocol handler to render the mhtml file format,
and this is the why mhtml: is designed

The real problem is that when mhtml: is used to fetch the container
over an underlying protocol, it does not honor Content-Type and
related headers (or even "nosniff").

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]