The following shows the raw response of an application that is vulnerable to
stored XSS in this way. Note that even though the Content-Type header specifies
that the message body contains an image, Internet Explorer ignores the declared
type and handles the content as HTML, because the body in fact contains HTML
markup and the browser sniffs the content rather than trusting the header.
HTTP/1.1 200 OK
Date: Sat, 5 May 2007 11:52:25 GMT
Server: Apache
Content-Length: 39
Content-Type: image/jpeg
This vulnerability exists in many web mail applications, where an attacker
can send emails containing a seductive-sounding image attachment that in
fact compromises the session of any user who views it. Many such applications
sanitize HTML attachments specifically to block XSS attacks, but overlook
that Internet Explorer will render a "JPEG" attachment as HTML whenever its
content looks like HTML, so a check based only on the declared type or file
extension is not enough.