[WEB SECURITY] Minimal User Interaction with Links

51l3n73y3s 51l3n7 at live.in
Fri Aug 14 14:02:00 EDT 2009

Hello list,

Is it possible to execute or save a file by just clicking on a link?

I might be missing something over here, here is a sample eicar test string 

As soon as I click on it, my AV gives me the message about the detection at 
"%temp%\ NcsWJCau.com.part" and the page also gives me an option to save the 
file. Doesn't this mean that the file is being stored in the temp directory 
without user interaction?

-Sandeep Cheema 

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list