[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw

To: "Steven Rakick" <stevenrakick@xxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw
From: "Darren Bounds" <dbounds@xxxxxxxxx>
Date: Tue, 11 Apr 2006 11:39:34 -0400

Steve,

If a web-based application is relying on Content-Disposition to
seperate itself from the HTML file download, the application scope
will be exposed and open to attack. All the attacker needs is for the
victom to select "Open" at the File Download dialog (very common) and
the XSS attack will deliver it's payload  (steal cookies, steal
application content, display a username/password dialog, redirect to
goatse.cx, etc).

Get it?

Thank you,

Darren Bounds

On 4/11/06, Steven Rakick <stevenrakick@xxxxxxxxx> wrote:
> I don't see how this is a security issue...
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw
  - From: Steven Rakick

Prev by Date: [Full-disclosure] [USN-269-1] xscreensaver vulnerability
Next by Date: [Full-disclosure] IMF 2006 - Submission Deadline Extension
Previous by thread: Re: [Full-disclosure] Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw
Next by thread: [Full-disclosure] [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service
Index(es):
- Date
- Thread