Comments on: Content-Disposition Hacking http://www.gnucitizen.org/blog/content-disposition-hacking/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Anant Shrivastava http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-134229 Anant Shrivastava Fri, 25 Jan 2013 09:56:32 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-134229 Awesome was just looking for something simmilar. Altohugh i know i am atleast 5 years late. however what about POST request do you see a flaw in that too. as GET i can understand the requesting url trust is what we can voilate. Awesome was just looking for something simmilar. Altohugh i know i am atleast 5 years late. however what about POST request do you see a flaw in that too. as GET i can understand the requesting url trust is what we can voilate.

]]> By: Serkan KURT - Ar-Ge|Bilgi İşlem|Sistem|Network|Güvenlik http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-128107 Serkan KURT - Ar-Ge|Bilgi İşlem|Sistem|Network|Güvenlik Wed, 20 Jan 2010 02:14:36 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-128107 [...] için çeşitli problemlere yol açabilmektedir, ilgili ataklarını incelemek isteyen arkadaşlar şuradan devam [...] [...] için çeşitli problemlere yol açabilmektedir, ilgili ataklarını incelemek isteyen arkadaşlar şuradan devam [...]

]]> By: Adrian Pastor http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-74437 Adrian Pastor Tue, 20 Nov 2007 13:35:26 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-74437 btw, I meant to say *locally*. btw, I meant to say *locally*.

]]> By: Adrian Pastor http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-74436 Adrian Pastor Tue, 20 Nov 2007 13:34:12 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-74436 @eXeCuTe - IE 7 displays a warning when opening files locall - which is great in my opinion. Even opening a .html file with a empty JS snippet causes the warning to show: <pre><code><script>//TEST</script></code></pre> On Firefox however, no warning is shown, which scares me as you can steal any files by using XHR() Anyway, if you can cause manipulate the content-disposition reponse on a site, you can exploit the trust the victim has on that brand/company. @Alice and @eXeCuTe - what you guys are telling is creeping the heck out of me! I guess we all are in similar frequencies! @eXeCuTe – IE 7 displays a warning when opening files locall – which is great in my opinion. Even opening a .html file with a empty JS snippet causes the warning to show: 

<script>//TEST</script>

On Firefox however, no warning is shown, which scares me as you can steal any files by using XHR()

Anyway, if you can cause manipulate the content-disposition reponse on a site, you can exploit the trust the victim has on that brand/company.

@Alice and @eXeCuTe – what you guys are telling is creeping the heck out of me! I guess we all are in similar frequencies!

]]> By: eXeCuTe http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-72693 eXeCuTe Sun, 18 Nov 2007 11:45:43 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-72693 Alice, it's even more weird. i also tried that, yesterday, and now i see this.. strange :) anyway, this is a really cool idea... but i do get the ActiveX warning on IE, even if i don't use any off-site files, why is that? with FF it works great.. Alice, it’s even more weird. i also tried that, yesterday, and now i see this.. strange :)

anyway, this is a really cool idea… but i do get the ActiveX warning on IE, even if i don’t use any off-site files, why is that?
with FF it works great..

]]> By: Gafoa http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-67435 Gafoa Thu, 08 Nov 2007 01:53:36 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-67435 people at gnu are just smart I plan on looking for a few bugs etc... My self now people at gnu are just smart I plan on looking for a few bugs etc… My self now

]]> By: Alice http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-65808 Alice Tue, 06 Nov 2007 07:15:58 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-65808 It's weird, I was attempting to do this exact same thing only yesterday, and now I see your article. Very good work- it'll come in handy. It’s weird, I was attempting to do this exact same thing only yesterday, and now I see your article.

Very good work- it’ll come in handy.

]]> By: Awesome AnDrEw http://www.gnucitizen.org/blog/content-disposition-hacking/comment-page-1/#comment-65436 Awesome AnDrEw Mon, 05 Nov 2007 16:29:12 +0000 http://www.gnucitizen.org/blog/content-disposition-hacking#comment-65436 This is a lot similar to many forum services that offer user-uploadable attachments, and then use the "Content-Disposition" header to have them appear in a prompt as displayed. I've never come across a situation other than something along those lines though I did do some experimenting with files served in that manner, and figured that as the file executes in a local zone (the internet cache) if one could convince someone else to open the file as long as it did not contain any off-site files it should render on Internet Explorer without the ActiveX warning appearing. This is a lot similar to many forum services that offer user-uploadable attachments, and then use the “Content-Disposition” header to have them appear in a prompt as displayed. I’ve never come across a situation other than something along those lines though I did do some experimenting with files served in that manner, and figured that as the file executes in a local zone (the internet cache) if one could convince someone else to open the file as long as it did not contain any off-site files it should render on Internet Explorer without the ActiveX warning appearing.

]]>