Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: Security Advisory for ALL forum services with client-set images

Re: Security Advisory for ALL forum services with client-set images

From: Stefan Paletta <stefanp_at_cabal1.com>
Date: Thu, 23 Dec 2004 09:50:40 +0100

James Bandara wrote/schrieb/scripsit:
>To block this I suggest you edit your service to only accept links that
>end in image formats for images before the querystring.

That doesn't really help ─ the attacker can send a HTTP redirect from an
innocent-looking URL.

-Stefan

-- 
 junior guru   SP666-RIPE     JID:stefanp_at_jabber.de.cw.net    SMP_at_IRC

Received on Dec 23 2004

This message: [ Message body ]
Next message: Crispin Cowan: "Re: DJB's students release 44 *nix software vulnerability advisories"
Previous message: D. J. Bernstein: "Re: DJB's students release 44 *nix software vulnerability advisories"
In reply to: James Bandara: "Security Advisory for ALL forum services with client-set images"
Next in thread: Tim Jackson: "Re: Security Advisory for ALL forum services with client-set images"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]