[Owasp-brazil] Internet Explorer Download Zones Mix-up leads to XSS
Marcos Aurelio Rodrigues
deigratia33 at gmail.com
Wed Dec 26 08:40:56 EST 2007
O que acham? Mensagem enviada na webappsec da securityfocus...
I would like to point you to a flaw I recently discovered in Internet
Explorer that could - under certain conditions - be exploited against a
large number of web-applications. The flaw results in XSS holes in websites
that allow the downloading of user-controlled HTML files (for example,
webmail and forum services).
For more details, you are welcomed to read the blog post at:
Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33 at gmail.com>
Mirabilia laudo semprer, Dei
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-brazil