> A possible hole that I can see goes as follows:
> Certain browsers employ an algorithm that inspects the first few bytes
> of incoming content and if it looks like HTML displays as text/html even
> if the MIME type in the Content-Type: header says it is something else.
> I suppose that such a browser receiving a JPEG file constructed,
> using COMment records etc to make it look and parse enough like an HTML
> file to fool the browser (whilst also being a valid JPEG file) may well
> run embedded <script> tags etc.

Hehe, "certain browsers". We can really be specific:
http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/overview/appendix_a.asp

It might be a good source to find out how to circumvent certain security measures in proxies.

If I understand the description correctly, it might at least be possible to send my_picture.jpg to IE, with server-supplied mime-type application/octet-stream, which then is opened in Adobe Acrobat without user intervention, because it really is a PDF - but I didn't test it!

I don't like the fact that IE tries to be so damn clever in deciding what type a file really is...

cheers,
oliver
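A server-side check for the two mismatches discussed above (HTML hidden in JPEG COM records, and a PDF served as application/octet-stream), added here as an example and not code from the original thread: it walks the JPEG marker table for COM segments, compares the declared Content-Type against the body's magic bytes, and flags markup in the leading bytes a sniffing browser inspects. The MAGIC table, the 256-byte window, the function names and the sample JPEG are constructed assumptions, not taken from the MSDN page.

```python
import re

# Magic-byte prefixes for the two content types the thread discusses (constructed table).
MAGIC = {"image/jpeg": b"\xff\xd8\xff", "application/pdf": b"%PDF-"}
# Markup a byte-sniffing browser would take as evidence of HTML.
HTML_TOKENS = re.compile(rb"<\s*(?:html|script|body|head|iframe|img|a)\b", re.I)

def declared_type_matches(content_type: str, data: bytes) -> bool:
    # True only if the declared type is allow-listed and its magic bytes lead the body.
    sig = MAGIC.get(content_type.split(";")[0].strip().lower())
    return sig is not None and data.startswith(sig)

def jpeg_comments(data: bytes):
    # Yield the payload of every COM (0xFFFE) segment, walking the JPEG marker table.
    if not data.startswith(b"\xff\xd8"):
        return
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            return                      # lost sync: not a well-formed marker stream
        if data[i + 1] == 0xFF:
            i += 1                      # fill byte between markers, skip it
            continue
        marker = data[i + 1]
        if marker in (0xD9, 0xDA):      # EOI or SOS: no further header segments
            return
        length = int.from_bytes(data[i + 2:i + 4], "big")
        if length < 2:
            return
        if marker == 0xFE:
            yield data[i + 4:i + 2 + length]
        i += 2 + length

def sniff_risk(content_type: str, data: bytes, window: int = 256) -> list:
    # Reasons a content-sniffing browser could render this response as HTML.
    findings = []
    if not declared_type_matches(content_type, data):
        findings.append("declared Content-Type does not match the body's magic bytes")
    if HTML_TOKENS.search(data[:window]):
        findings.append("HTML markup within the first %d bytes" % window)
    if any(HTML_TOKENS.search(com) for com in jpeg_comments(data)):
        findings.append("HTML markup inside a JPEG COM segment")
    return findings

# Constructed sample: a minimal JPEG whose only header segment is a COM record holding markup.
_COM = b"<html><script></script></html>"
POLYGLOT_JPEG = b"\xff\xd8\xff\xfe" + (len(_COM) + 2).to_bytes(2, "big") + _COM + b"\xff\xd9"
```

Modern browsers also honour the `X-Content-Type-Options: nosniff` response header, which did not exist when this thread was written; the check above is the server-side complement that catches the content before it is served.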
This archive was generated by hypermail 2b30 : Sun Nov 11 2001 - 13:27:11 PST