[WEB SECURITY] Universal XSS with PDF files: highly dangerous
Amit Klein
aksecurity at gmail.com
Wed Jan 3 17:24:34 EST 2007
pdp (architect) wrote:
> Amit, this is very interesting solution and it will probably work in
> most cases. However, if the attacker is able to upload PDF documents,
> he/she can craft one that will produce the desired result as soon as
> it gets opend by the user. This can be achieved by setting the PDF
> file to redirect.
I agree. I was thinking about a solution to the fragment problem, which
is the topic of the thread (and a much more widespread situation than
PDF upload).
-Amit
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list