[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

From: "Mike Metzger" <mdmetzger@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Date: Thu, 4 Jan 2007 21:38:51 -0600

------=_Part_11910_9445964.1167968331534
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Ok - I've completed an initial implementation of this and tested it with
.NET 1.1/2.0.  You can download the details / etc from my site
http://www.techplay.net.  Feel free to contact me directly if there are any
issues / suggestions for improvements.

The code is completely public domain so it can be used as you like.

Mike

On 1/4/07, Mike Metzger <mdmetzger@gmail.com> wrote:
>
> D'oh - ok Guy Podjarny's suggestion worked great.  I tried the #, just
> didn't put anything after it.  Firefox interpreted it properly with a #a
> behind the redirect.
>
> Once I get a chance to cleanup code, I'll post info on where to download
> shortly for any in need of an ASP.NET handler for this issue.
>
> Thanks to all
>
> Mike
>
> On 1/4/07, Mike Metzger <mdmetzger@gmail.com> wrote:
> >
> > Based on Amit's general format, I'm trying to implement an HttpHandler
> > for ASP.NET that will monitor requests for PDF files.  Thus far, the
> > technique works great - for IE6 and IE7.  For Firefox, it keeps the anchor
> > even with a redirected URL.
> >
> > I've tried the following:
> >
> > - Adding a # character in my redirect URL.
> > - Adding a Refresh and URL response header to the new location
> >
> > Neither of these have had any effect.  I'm a bit at a loss of how to
> > continue.
> >
> > I'll post code / a link to test soon.
> >
> > Thanks
> >
> > Mike Metzger
> >
>
>

------=_Part_11910_9445964.1167968331534
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Ok - I&#39;ve completed an initial implementation of this and tested it with .NET 1.1/2.0.&nbsp; You can download the details / etc from my site <a href="http://www.techplay.net";>http://www.techplay.net</a>.&nbsp; Feel free to contact me directly if there are any issues / suggestions for improvements.&nbsp; 
<br><br>The code is completely public domain so it can be used as you like.<br><br>Mike<br><br><div><span class="gmail_quote">On 1/4/07, <b class="gmail_sendername">Mike Metzger</b> &lt;<a href="mailto:mdmetzger@gmail.com";>
mdmetzger@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">D&#39;oh - ok Guy Podjarny&#39;s suggestion worked great.&nbsp; I tried the #, just didn&#39;t put anything after it.&nbsp; Firefox interpreted it properly with a #a behind the redirect.&nbsp; 
<br>
<br>
Once I get a chance to cleanup code, I&#39;ll post info on where to download shortly for any in need of an <a href="http://ASP.NET"; target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">ASP.NET</a> handler for this issue.
<br>
<br>
Thanks to all<br><span class="sg">
<br>
Mike</span><div><span class="e" id="q_10fef62d1757b6bc_2"><br><br><div><span class="gmail_quote">On 1/4/07, <b class="gmail_sendername">Mike Metzger</b> &lt;<a href="mailto:mdmetzger@gmail.com"; target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
mdmetzger@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Based on Amit&#39;s general format, I&#39;m trying to implement an HttpHandler for <a href="http://ASP.NET"; target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">ASP.NET</a> that will monitor requests for PDF files.&nbsp; Thus far, the technique works great - for IE6 and IE7.&nbsp; For Firefox, it keeps the anchor even with a redirected URL.&nbsp; 
<br><br>I&#39;ve tried the following:<br><br>- Adding a # character in my redirect URL.&nbsp; <br>- Adding a Refresh and URL response header to the new location<br><br>Neither of these have had any effect.&nbsp; I&#39;m a bit at a loss of how to continue.&nbsp; 
<br><br>I&#39;ll post code / a link to test soon.<br><br>Thanks<br><span><br>Mike Metzger<br>

</span></blockquote></div><br>

</span></div></blockquote></div><br>

------=_Part_11910_9445964.1167968331534--

References:
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Mike Metzger
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Mike Metzger

Prev by Date: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by Date: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Previous by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by thread: RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site