Web Application Security
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: IE11 is not following CORS specification for local files Oct 05 2016 07:54PM
Ricardo Iramar dos Santos (riramar gmail com)
I did a small improvement in this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created on down...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus