Comments on: Content-Disposition Hacking

By: Adrian Pastor

Adrian Pastor — Tue, 20 Nov 2007 13:35:26 +0000

btw, I meant to say *locally*.

By: Adrian Pastor

Adrian Pastor — Tue, 20 Nov 2007 13:34:12 +0000

@eXeCuTe - IE 7 displays a warning when opening files locall - which is great in my opinion. Even opening a .html file with a empty JS snippet causes the warning to show:

On Firefox however, no warning is shown, which scares me as you can steal any files by using XHR()

Anyway, if you can cause manipulate the content-disposition reponse on a site, you can exploit the trust the victim has on that brand/company.

@Alice and @eXeCuTe - what you guys are telling is creeping the heck out of me! I guess we all are in similar frequencies!

By: eXeCuTe

eXeCuTe — Sun, 18 Nov 2007 11:45:43 +0000

Alice, it’s even more weird. i also tried that, yesterday, and now i see this.. strange :)

anyway, this is a really cool idea… but i do get the ActiveX warning on IE, even if i don’t use any off-site files, why is that?
with FF it works great..

By: Gafoa

Gafoa — Thu, 08 Nov 2007 01:53:36 +0000

people at gnu are just smart I plan on looking for a few bugs etc… My self now

By: Alice

Alice — Tue, 06 Nov 2007 07:15:58 +0000

It’s weird, I was attempting to do this exact same thing only yesterday, and now I see your article.

Very good work- it’ll come in handy.

By: Awesome AnDrEw

Awesome AnDrEw — Mon, 05 Nov 2007 16:29:12 +0000

This is a lot similar to many forum services that offer user-uploadable attachments, and then use the “Content-Disposition” header to have them appear in a prompt as displayed. I’ve never come across a situation other than something along those lines though I did do some experimenting with files served in that manner, and figured that as the file executes in a local zone (the internet cache) if one could convince someone else to open the file as long as it did not contain any off-site files it should render on Internet Explorer without the ActiveX warning appearing.