[Full-disclosure] things you can do with downloads
- From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Date: Wed, 30 May 2012 13:35:25 -0700
Another moderately interesting tidbit, I guess...
It is an important and little-known property of web browsers that one
document can always navigate other, non-same-origin windows to
arbitrary URLs. Perhaps more interestingly, you can also navigate
third-party documents to resources served with Content-Disposition:
attachment, in which case, you get the original contents of the
address bar, plus a rogue download prompt attached to an unsuspecting
page that never wanted you to download that file.
PoC:
http://lcamtuf.coredump.cx/fldl/
More info:
http://lcamtuf.blogspot.com/2012/05/yes-you-can-have-fun-with-downloads.html
It's closely related to many other fundamental, open issues with
browser UI design - but I guess it's an interesting highlight.
/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] things you can do with downloads
- From: Charles Morris
- Re: [Full-disclosure] things you can do with downloads
- Prev by Date: [Full-disclosure] [Security-news] SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
- Next by Date: [Full-disclosure] [Security-news] SA-CONTRIB-2012-088 - Mobile Tools - Cross Site Scripting (XSS)
- Previous by thread: [Full-disclosure] [Security-news] SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
- Next by thread: Re: [Full-disclosure] things you can do with downloads
- Index(es):
