Universal Browser PDF XSS vulnerability

Posted on January 5, 2007 - Filed Under Application Security, Phishing | Leave a Comment

Everyday application security is facing new threats and it challenges the business users. The latest is in the form of XSS attacks; where an application serving PDF files are vulnerable to these attacks.
Attackers simply have to add an anchor containing a script, e.g. add #blah=javascript:alert(document.cookie); to ANY URL that ends in .pdf (or streams a [...]

• Recently Written

  • VeriSign laptop theft
  • Trusted Phishing
  • VVestern Union Phishing
  • Phishing - attacks and countermeasures
  • First bank in Bahrain to get ISO 27001 certified for information security
  • IT Security Engineer at International Oil Company at Abu Dhabi
  • RBI seeks data from banks on frauds
  • Preventing Theft In The Corporate World
  • Drive-By Pharming
  • Default Password list

• Categories

  • Access Control
  • Application Security
  • General
  • Jobs
  • News
  • Phishing
  • Regulations
  • Security Management
  • Security Standards

• Archives

  • August 2007
  • June 2007
  • April 2007
  • March 2007
  • January 2007
  • December 2006
  • November 2006

• Blogroll

  • IG Mentor - Mentoring Information Governance
  • OWASP

• Search

Sponsers