A Bag Full Of Tricks
I also mentioned that the data: URL schema (the technology that used to transport binary payloads), discussed in this article, is supported by Firefox, Opera and Konqueror. IE6 and IE7 have partial support only through other protocols. That of course reduces the impact of this type of attack. Fortunately or not, there is something else the attackers can use to achieve similar effect. The technique works well in all browsers and some of you might already be familiar with it.
Everybody knows about the
Still, attackers can generate HTML pages on the fly. That of course depending on the effect they want to achieve can be low, medium or high security risk. I am quite excited to see how this technology will fit into modern browsers in the future.
Soon or latter developers will decide to get rid of the server side report generation scripts, etc., and do everything from the client. That will be the perfect time for attackers to start implementing cross document injection techniques where they will be able to plug everything they want in any type of file format they need.