Security Hero Rotating Header Image

quotMIMEContent-Type-Sniffingquot Issues in Image Uploads in Forum Scripts

Survey: quotMIMEContent-Type-Sniffingquot Issues in Image Uploads in Forum Scripts

Posted by Jacques Copeau on May 28

Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts
Author: Jacques Copeau

Abstract
====================================================
Internet Explorer, especially versions 7 and 6, can be tricked to treat images
as html, opening XSS vulnerabilities in…

URL: http://seclists.org/fulldisclosure/2009/May/0255.html

Leave a Reply

Your email address will not be published. Required fields are marked *