Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: Amit Klein (aksecurity gmail.com)
Date: Wed Jan 03 2007 - 16:24:34 CST
pdp (architect) wrote:
> Amit, this is a very interesting solution and it will probably work in
> most cases. However, if the attacker is able to upload PDF documents,
> he/she can craft one that will produce the desired result as soon as
> it gets opened by the user. This can be achieved by setting the PDF
> file to redirect.
I agree. I was thinking about a solution to the fragment problem, which
is the topic of the thread (and a much more widespread situation than
PDF upload).
-Amit