Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FYI: [Full-disclosure] Backdooring Image Files - security notice



> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 15 Dec 2006 13:14:59 +0800
> From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
> Subject: [Full-disclosure] Backdooring Image Files - security notice
> To: "Web Security" <websecurity@xxxxxxxxxxxxx>,
>       full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
>       <6905b1570612142114m5b078aa4wecb025d6e4c14ba1@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> I will be brief. There is a rather lame/concerning technique, most of
> you know about, that allows JavaScript to be executed upon visiting an
> image file. This issue is not due to some browser error, although
> clearly IE has some issues with it, but it is due to web applications
> not sanitizing user supplied content in a form of links.
> 
> I will skip the rest for those who are not interested in this topic.
> Those who are interested can check this post:
> http://www.gnucitizen.org/blog/backdooring-images
> 
> BIDs worth checking out:
> * http://www.securityfocus.com/bid/3693
> * http://www.securityfocus.com/bid/3116
> 
> This technique, although not as robust as the QuickTime flow, can be
> used to write worms for Bulletin Boards, Blogs, Wikis and other types
> of web systems. I conducted a small survey, which I am not going to
> disclose, showing quite concerning figures.
> 
> Has anyone experienced these types of worms yet?
> 
> -- 
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org
> 
> 
> 
> ------------------------------
> 



 




Copyright © Lexa Software, 1996-2009.