: Evan Martin (evan) wrote in evan_tech,
2007-01-03 13:25:00

Evan Martin
evan
evan_tech
2007-01-03 13:25:00

universal pdf xss

Reportedly, any site hosting a PDF has an XSS exploit. The link has example XSS on Google, Microsoft, Bank of America(!), and others.

I anticipate a great flushing sound as every site removes all of their PDFs.

Update: it occurs to me that you could probably also fix this with a mod_rewrite (or equivalent) rule that 403's all parameters to PDF urls. Update2:

supersat points out that won't work.

[via

halkeye]

blog moved

As described elsewhere, I've quit LiveJournal. If you're interested in my continuing posts, you should look at one of these (each contains feed…
dremel

They published a paper on Dremel, my favorite previously-unpublished tool from the Google toolchest. Greg Linden discusses it: "[...] it is capable…
treemaps

I finally wrote up my recent adventures in treemapping, complete with nifty clickable visualizations.

Post a new comment
Error
Anonymously

Log in

default userpic

When you submit the form an invisible reCAPTCHA check will be performed.
You must follow the Privacy Policy and Google Terms of use.

Preview comment

Help
12 comments

Post a new comment
12 comments

blog moved

As described elsewhere, I've quit LiveJournal. If you're interested in my continuing posts, you should look at one of these (each contains feed…
dremel

They published a paper on Dremel, my favorite previously-unpublished tool from the Google toolchest. Greg Linden discusses it: "[...] it is capable…
treemaps

I finally wrote up my recent adventures in treemapping, complete with nifty clickable visualizations.

universal pdf xss

blog moved

dremel

treemaps

Error

blog moved

dremel

treemaps