[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Advisory for ALL forum services with client-set images

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Security Advisory for ALL forum services with client-set images
From: Stefan Paletta <stefanp@xxxxxxxxxx>
Date: Thu, 23 Dec 2004 09:50:40 +0100

James Bandara wrote/schrieb/scripsit:

To block this I suggest you edit your service to only accept links that end in image formats for images before the querystring.

That doesn't really help â the attacker can send a HTTP redirect from an innocent-looking URL.

-Stefan
--
junior guru   SP666-RIPE     JID:stefanp@xxxxxxxxxxxxxxxx    SMP@IRC

References:
- Security Advisory for ALL forum services with client-set images
  - From: James Bandara

Prev by Date: Re: DJB's students release 44 *nix software vulnerability advisories
Next by Date: Re: DJB's students release 44 *nix software vulnerability advisories
Previous by thread: Security Advisory for ALL forum services with client-set images
Next by thread: Re: Security Advisory for ALL forum services with client-set images
Index(es):
- Date
- Thread