Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

pdp (architect) wrote:

Amit, this is very interesting solution and it will probably work in
most cases. However, if the attacker is able to upload PDF documents,
he/she can craft one that will produce the desired result as soon as
it gets opend by the user. This can be achieved by setting the PDF
file to redirect.
I agree. I was thinking about a solution to the fragment problem, which is the topic of the thread (and a much more widespread situation than PDF upload). 

-Amit
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux