Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
GZ handling and MIME spoofing
Posted by: ntp
Date: December 23, 2006 05:03PM

I came across this the other day and wanted to post regarding it. There are two separate issues: 1) improper handling of gz files and 2) spoofing MIME types

http://reversemode.com/index.php?option=com_content&task=view&id=24&Itemid=1

I've seen similar stuff for mailto popups in avatars using htaccess and php. And this isn't quite as neat, but still interestingly bad browser behavior.

Options: ReplyQuote
Re: GZ handling and MIME spoofing
Posted by: jungsonn
Date: December 23, 2006 05:25PM

Yep, but the modifications takes place on the server, that is a little suspicious if i may say. If a browser can't trust that anymore, there's little left to browsing i guess. Maybe, it can be performed by using open redirects and forcing the mime-type.

Options: ReplyQuote


Sorry, only registered users may post in this forum.