Hi This paper exposes a new attack vector of testing web applications having upload functionality. It enhances the web application penetration testing perspective by demonstrating a new way to produce XSS in the web applications when a word document is rendered directly in the browser. This attack has been tested on number of enterprise web applications and is successfully triggered. The vendor have been given advisories in relation to this attack vector. It works fine with custom designed web applications in distributed environment. Some time enhanced functionality in software leads to generation of new attack vectors. You can download the paper at: http://www.secniche.org/paper.html http://www.secniche.org/papers/SNS_09_01_Evad_Xss_Filter_Msword.pdf Regards Aditya K Sood Founder , SecNiche Security http://www.secniche.org
