Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

["Mike Metzger" <mdmetzger@xxxxxxxxx>]

------=_Part_10025_32490872.1167950389447
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Based on Amit's general format, I'm trying to implement an HttpHandler for
ASP.NET that will monitor requests for PDF files.  Thus far, the technique
works great - for IE6 and IE7.  For Firefox, it keeps the anchor even with a
redirected URL.

I've tried the following:

- Adding a # character in my redirect URL.
- Adding a Refresh and URL response header to the new location

Neither of these have had any effect.  I'm a bit at a loss of how to
continue.

I'll post code / a link to test soon.

Thanks

Mike Metzger

------=_Part_10025_32490872.1167950389447
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Based on Amit&#39;s general format, I&#39;m trying to implement an HttpHandler for <a href="http://ASP.NET";>ASP.NET</a> that will monitor requests for PDF files.&nbsp; Thus far, the technique works great - for IE6 and IE7.&nbsp; For Firefox, it keeps the anchor even with a redirected URL.&nbsp; 
<br><br>I&#39;ve tried the following:<br><br>- Adding a # character in my redirect URL.&nbsp; <br>- Adding a Refresh and URL response header to the new location<br><br>Neither of these have had any effect.&nbsp; I&#39;m a bit at a loss of how to continue.&nbsp; 
<br><br>I&#39;ll post code / a link to test soon.<br><br>Thanks<br><br>Mike Metzger<br>

------=_Part_10025_32490872.1167950389447--