Keep It Simple, Stupid | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
never underestimate the stupidity of IE and outlook. if you take an html file, name it foo.jpg and send it with a mime-type of image/jpeg, IE 5 on the mac and IE 4 on windows will happily parse and render it as html. (probably some versions of outlook exhibit this broken behavior too). this technique was once used in a hotmail exploit. email someone a "jpg" and it could grab their password cookie and submit it to another site. if securityfocus hadn't changed the structure of their bugtraq archives and broken my bookmarks, i could give you a link... i don't think it's quite dumb enough to run an .exe the same way but there's still a lot of mischief that can be done with html+javascript/vbscript In reply to Re: (ichimunki) Re: Security issues when allowing file upload via CGI
by thraxil
|
|