<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Cross Site Scripting exploitation via malformed files

Cross Site Scripting exploitation via malformed files

From: Jerome ATHIAS <jerome.athias_at_free.fr>
Date: 21 Feb 2005 16:25:04 -0000

('binary' encoding is not supported, stored as-is) It was publicly released on different forums (http://cyruxnet.org/foro/viewtopic.php?t=559); multiple webmail systems and websites are vulnerable to Cross Site Scripting via a malformed file.

A basic PoC :

Build a text file (ie: photo.txt)

<script language="Javascript">
alert('Vulnerable!');
</script>

then rename the file with the .jpg extension (photo.jpg), and send the renamed file as attachement by mail to the victim.

On many webmail systems, when the JPG file is downloaded, then the script is executed (you can play with javascript, vbscript,...)

It was verified under IE - XP SP2

So it opens a door for virus...

Regards and greetings to: ZaBoo, whitehat.co.il, Class101, Mandragore

Jerome ATHIAS
Received on Feb 22 2005

This message: [ Message body ]
Next message: iDEFENSE Labs: "iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability"
Previous message: tjomka: "paNews v2.0b4 - PHP Injection"
Next in thread: http-equiv_at_excite.com : "Re: Cross Site Scripting exploitation via malformed files"
Maybe reply: http-equiv_at_excite.com : "Re: Cross Site Scripting exploitation via malformed files"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]