Evan Martin (evan) wrote in evan_tech,

universal pdf xss

Reportedly, any site hosting a PDF is exposed to an XSS exploit. The linked page has XSS examples against Google, Microsoft, Bank of America (!), and others.

I anticipate a great flushing sound as every site removes all of their PDFs.

Update: it occurs to me that you could probably also fix this with a mod_rewrite (or equivalent) rule that returns a 403 for any request to a PDF URL that carries parameters. Update 2: supersat points out that won't work.

[via halkeye]