BugTraq
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Jan 04 2007 10:00AM
HASEGAWA Yosuke (yosuke hasegawa gmail com)
Hi,
As the server side solution, force rewriting fragment identifiers in URI by
redirection response can be considered.
Disallow direct access to PDF on the server and return a response such as:
--
Location: http://example.com/one-shot-url.pdf#top
--
As a result, fragment identifiers in URI i...
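
The redirect described in the post, as an added example that is not code from the original message: a request for a PDF's public URL is answered only with a redirect to a single-use URL carrying the fixed `#top` fragment from the post's `Location` line. The `/one-shot/` path layout, the in-memory token table, the `handle` function and the relative `Location` value are assumptions of this example.

```python
import secrets

FIXED_FRAGMENT = "#top"   # fragment taken from the post's Location example
_pending = {}             # one-shot token -> public PDF path (in-memory, assumed)


def handle(path, pdf_store):
    """Return (status, headers, body) for a GET of `path`.

    `pdf_store` maps public PDF paths to file bytes; it is a constructed
    stand-in for the document root. `path` never contains a fragment,
    because browsers do not send fragments to the server.
    """
    # Second leg: a one-shot URL is honoured exactly once.
    if path.startswith("/one-shot/") and path.endswith(".pdf"):
        token = path[len("/one-shot/"):-len(".pdf")]
        real = _pending.pop(token, None)      # consume the token
        if real is None:
            return 404, {}, b""               # unknown or already used
        headers = {
            "Content-Type": "application/pdf",
            "Cache-Control": "no-store",      # keep caches from replaying it
        }
        return 200, headers, pdf_store[real]

    # First leg: direct access to the PDF is disallowed. The only response
    # is a redirect whose Location carries the server-chosen fragment.
    if path in pdf_store:
        token = secrets.token_urlsafe(16)
        _pending[token] = path
        location = f"/one-shot/{token}.pdf{FIXED_FRAGMENT}"
        return 302, {"Location": location}, b""

    return 404, {}, b""
```
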
Copyright 2010, SecurityFocus