December 30th, 2005, 03:52 AM
#11
juuuuuust a thought...but....does AO verify file content of images in signatures? or in avatars? If I change my av to a linked image with a WMF file renamed to something else...where is the security there? I smell instant XSS amongst other fun tidbits!
Soda, your idea is novel but won't work properly because IE tries to render the file if it's been renamed as well, so a gif/tif/png etc will all still render and exploit. This is thanks to MS's amazingly stupid idea of trying to be clever with error correction and try to assume that the file was named wrong. I have exploited IE machines by renaming a vbscript file to .png and it executed the commands without a hitch....well...not for me.
In short, I see this as possibly having a huge impact due to sneaky deployment on major sites.
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
And no one can recall the gentle features in the queen's face that fair day when the land here rested in holy peace and everyone had love to love with.
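Added example, not part of the thread or of any forum's own code: a server-side check of the kind the post asks about, which accepts an avatar only when its leading bytes match an allow-listed image format and ignores the file name entirely. It assumes the forum fetches and re-hosts the image rather than hot-linking it; the function names and sample bytes are constructed for illustration.

```python
# Allow-list by magic bytes; the file name and extension are never trusted.
ALLOWED = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# WMF signatures: the Aldus placeable header, and the standard METAHEADER
# (type 1 or 2, header size 9 words) that starts a non-placeable file.
WMF_MAGICS = (b"\xd7\xcd\xc6\x9a", b"\x01\x00\x09\x00", b"\x02\x00\x09\x00")


def sniff_image(data: bytes):
    """Return the MIME type matched by magic bytes, or None."""
    for mime, magics in ALLOWED.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def is_wmf(data: bytes) -> bool:
    """True when the content starts with a known WMF header."""
    return any(data.startswith(m) for m in WMF_MAGICS)


def check_avatar(filename: str, data: bytes) -> dict:
    """Decide whether to accept an avatar and which headers to serve it with."""
    mime = sniff_image(data)
    if mime is None:
        reason = "WMF content" if is_wmf(data) else "unrecognised content"
        return {"accept": False, "reason": f"{reason} in {filename!r}"}
    return {
        "accept": True,
        "headers": {
            "Content-Type": mime,  # derived from content, not the extension
            "X-Content-Type-Options": "nosniff",  # ask browsers not to re-guess
        },
    }


if __name__ == "__main__":
    # Constructed samples: a WMF placeable header named .png, and a real PNG header.
    print(check_avatar("avatar.png", b"\xd7\xcd\xc6\x9a" + b"\x00" * 18))
    print(check_avatar("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
```

A magic-byte check only identifies the container; decoding and re-encoding the accepted image on the server is the stronger control, since it discards whatever else the file carried.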