explanation of how the attack works here: http://www.gnucitizen.org/blog/browser-focus-rip On 2/12/07, Michal Zalewski <lcamtuf@xxxxxxxxxxxx> wrote:
On Mon, 12 Feb 2007, [ISO-8859-1] Claus Färber wrote: > A proper solution would be to keep a list of files explicitly selected > by the user and only allow uploads of files in this list. Then even if a > script can manipulate the field, the browser won't upload files that > have not been selected by the user. Not necessarily that easy: notice that it is the user who enters the name of a target file. Unless you want to prevent the browser from accepting any files that were not chosen using a visual file selector widget - but in such a case, there's not much point in having a manual file path entry box in the first place. /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org
