<<< Date Index >>>     <<< Thread Index >>>

Re: Security Advisory for ALL forum services with client-set images



James Bandara wrote/schrieb/scripsit:
To block this I suggest you edit your service to only accept links that end in image formats for images before the querystring.

That doesn't really help ─ the attacker can send a HTTP redirect from an innocent-looking URL.

-Stefan
--
junior guru   SP666-RIPE     JID:stefanp@xxxxxxxxxxxxxxxx    SMP@IRC