Paid Advertising is
ha.ckers sla.cking
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
GZ handling and MIME spoofing
Posted by: ntp
Date: December 23, 2006 05:03PM

I came across this the other day and wanted to post regarding it. There are two separate issues: 1) improper handling of gz files and 2) spoofing MIME types

I've seen similar stuff for mailto popups in avatars using htaccess and php. And this isn't quite as neat, but still interestingly bad browser behavior.

Options: ReplyQuote
Re: GZ handling and MIME spoofing
Posted by: jungsonn
Date: December 23, 2006 05:25PM

Yep, but the modifications takes place on the server, that is a little suspicious if i may say. If a browser can't trust that anymore, there's little left to browsing i guess. Maybe, it can be performed by using open redirects and forcing the mime-type.

Options: ReplyQuote

Sorry, only registered users may post in this forum.