in reply to (ichimunki) Re: Security issues when allowing file upload via CGI
in thread Security issues when allowing file upload via CGI
never underestimate the stupidity of IE and outlook.
if you take an html file, name it foo.jpg and send it with a mime-type of image/jpeg, IE 5 on the mac and IE 4 on windows will happily parse and render it as html. (probably some versions of outlook exhibit this broken behavior too).
this technique was once used in a hotmail exploit. email someone a "jpg" and it could grab their password cookie and submit it to another site.
if securityfocus hadn't changed the structure of their bugtraq archives and broken my bookmarks, i could give you a link...