countermeasure against attacks through HTML shared files



Hello,

I wanted to announce a Pomcor white paper that
looks at attacks through HTML shared files in Web
applications and proposes a countermeasure. These
are essentially XSS attacks, but the usual
defenses against XSS are typically not available,
because shared files cannot be sanitized.

The paper is available at:

http://www.pomcor.com/whitepapers/file_sharing_security.pdf

I have not been able to find much prior work.
What I've found is discussed in Section 2 of the
paper. If I've missed something, please let me
know.

Thanks,

Francisco Corella


