
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous



RSnake wrote:

So I think your idea was partly good, the 301 redirection will knock off the URL fragment, but it has nothing to do with GET vs POST, and you'll need to redirect it to a unique token to prevent infinite loops or someone just forwarding to a guessable token.

BTW, "unique" isn't good enough. You'll note in my algorithm, it's tied to the IP of the client (and encrypted, so it cannot be predicted). Otherwise an attacker website can obtain a valid token by communicating directly with the target website, and then present the victim with a link + valid token + nasty fragment.

-Amit
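
The token property discussed in the message above, as an added example that is not part of the original thread and is not Amit's algorithm: it binds the token to the client IP with an HMAC and a short lifetime instead of encryption, so a token fetched from one address is rejected when presented from another. `SECRET`, `TTL`, the `token` query parameter and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)  # assumption: server-side key, never sent to clients
TTL = 10                 # assumption: seconds a token stays valid

def _mac(client_ip, ts):
    # The MAC covers the client IP, so a token is only valid for that address.
    return hmac.new(SECRET, f"{client_ip}|{ts}".encode(), hashlib.sha256).digest()

def issue_token(client_ip, now=None):
    ts = int(time.time() if now is None else now)
    return f"{ts}." + base64.urlsafe_b64encode(_mac(client_ip, ts)).decode()

def verify_token(token, client_ip, now=None):
    now = int(time.time() if now is None else now)
    try:
        ts_text, mac_text = token.split(".", 1)
        ts = int(ts_text)
        presented = base64.urlsafe_b64decode(mac_text)
    except ValueError:  # malformed token, bad integer or bad base64
        return False
    if not 0 <= now - ts <= TTL:
        return False  # expired, or timestamp claims to be from the future
    return hmac.compare_digest(presented, _mac(client_ip, ts))

def handle_pdf_request(path, token, client_ip, now=None):
    # A valid token means this request already went through the redirect,
    # so the file is served and no redirect loop occurs. Anything else gets
    # redirected to a URL carrying a fresh token for the requesting IP.
    if token and verify_token(token, client_ip, now):
        return ("serve", path)
    return ("redirect", f"{path}?token={issue_token(client_ip, now)}")
```
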

----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/


The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]