This is Adi Cohen's Typepad Profile.
Adi Cohen
Recent Activity
Hi Nick, that's a great catch. This could allow for a file with the following name to exist: a/a.txt" .html When a user double-clicks this file, the registered application will get access to a file named 'a.txt' under a folder named 'a'. The attached image shows this scenario: http://img821.imageshack.us/img821/8010/36262549.png Updated machines will not accept a file whose name contains a double-quote sign. Therefore, breaking out of the string surrounding the path in order to add arguments or just truncate the path string itself (used in the example above) will not work. However, it is possible to use the following file name: a/a.html to produce a case where patched systems will still open the file 'a.html' under the folder 'a' instead of the real file.
Very nice, I suspected this could be possible but haven't got around to it. Thanks for sharing.
Adi Cohen is now following AppSecInsider
Jul 10, 2012
HTML Sanitizing Bypass - CVE-2012-1858
Introduction: The toStaticHTML component, which is found in Internet Explorer > 8, SharePoint and Lync, is used to sanitize HTML fragments from dynamic and potentially malicious content. If an attacker is able to break the... Continue reading
Posted Jul 10, 2012 at IBM Application Security Insider
Introduction: Microsoft Anti-XSS Library is used to protect applications from Cross-Site Scripting attacks, by providing methods for input sanitization. Vulnerability: Microsoft Anti-XSS Library 3.0 and 4.0 are vulnerable to an attack in which an attacker is able to create a... Continue reading
Posted Jan 19, 2012 at IBM Application Security Insider
Adi Cohen is now following The Typepad Team
Oct 6, 2011