<<< Date Index >>>     <<< Thread Index >>>

Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous



pdp (architect) wrote:
Amit, this is very interesting solution and it will probably work in
most cases. However, if the attacker is able to upload PDF documents,
he/she can craft one that will produce the desired result as soon as
it gets opend by the user. This can be achieved by setting the PDF
file to redirect.
I agree. I was thinking about a solution to the fragment problem, which is the topic of the thread (and a much more widespread situation than PDF upload).

-Amit