[WEB SECURITY] Minimal User Interaction with Links

51l3n73y3s 51l3n7 at live.in
Fri Aug 14 14:02:00 EDT 2009


Hello list,

Is it possible to execute or save a file by just clicking on a link?

I might be missing something over here, here is a sample eicar test string 
http://www.eicar.org/download/eicar.com

As soon as I click on it, my AV gives me the message about the detection at 
"%temp%\ NcsWJCau.com.part" and the page also gives me an option to save the 
file. Doesn't this mean that the file is being stored in the temp directory 
without user interaction?

-Sandeep Cheema 


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list