[23314] in bugtraq
Re: File extensions spoofable in MSIE download dialog
daemon@ATHENA.MIT.EDU (chef)
Thu Nov 29 16:04:10 2001
From: "chef" <chef@cube.blinx.de>
To: "'StatiC'" <static@tampabay.rr.com>, <bugtraq@securityfocus.com>
Date: Thu, 29 Nov 2001 19:03:21 +0100
Message-ID: <000001c17900$21868730$a21a73c2@blinx.de>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
In-Reply-To: <20011128215132.A1379@milla.xStatiCa.com>
Content-Transfer-Encoding: 8bit
-----Original Message-----
> From: StatiC [mailto:static@tampabay.rr.com]
> Sent: Thursday, 29 November 2001 03:52
>
> I was playing with apache configs a few months ago and
> noticed a similar issue with IE5.5. The procedure below will
> cause IE5.5 to display the open dialog for readme.txt but
> once opened, it executes immediately on IE5.5 sp2 with no
> hint that it is really getting an executable file called
> calc.exe. I only tested it with IE5.5.
I tested it right now, with IE6; Q312461 / WinXP and I think
there is no problem at all.
First a question for text.txt pops up and when I say "open"
a second message with question for save / open pops up.
This second popup tells the right name "calc.exe".
Finally when I say "open" it opens the calculator.
For testing: http://www.geilerserver.de/text.txt
> Why does microsoft think it is wise to trust the filename in
> the url over what the header content-type is set to for
> display purposes since the content-type seems to take
> priority for what will really happen with the file.
I think that's only a problem of older versions.
^cUbE^
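
Added example, not part of the original message or of either poster's test setup: a defender-side check (for instance over proxy logs) that flags responses where the file name shown in the URL disagrees with the Content-Type or Content-Disposition headers, which is the mismatch the thread discusses. The extension tables, finding names, example.test URLs and sample headers are constructed assumptions.

```python
from email.message import Message
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Constructed lookup tables (assumptions, not exhaustive).
EXT_TYPES = {".txt": "text/plain", ".htm": "text/html", ".html": "text/html",
             ".gif": "image/gif", ".jpg": "image/jpeg"}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def check_download(url, headers):
    """Return finding names for one HTTP response (headers given as a dict)."""
    msg = Message()
    for name, value in headers.items():
        msg[name] = value
    # Extension of the name a user sees in the URL.
    url_ext = PurePosixPath(unquote(urlsplit(url).path)).suffix.lower()
    declared = msg.get_content_type() if "Content-Type" in msg else None
    disp_name = msg.get_filename()  # filename= from Content-Disposition, if any
    disp_ext = PurePosixPath(disp_name).suffix.lower() if disp_name else None

    findings = []
    expected = EXT_TYPES.get(url_ext)
    if expected and declared and declared != expected:
        findings.append("type-mismatch")
    if disp_ext is not None and disp_ext != url_ext:
        findings.append("name-mismatch")
    runs = disp_ext in EXECUTABLE_EXTS or declared in EXECUTABLE_TYPES
    if runs and url_ext not in EXECUTABLE_EXTS:
        findings.append("executable-behind-benign-name")
    return findings


# Constructed sample responses, not captured traffic.
SUSPECT = ("http://example.test/text.txt",
           {"Content-Type": "application/octet-stream",
            "Content-Disposition": 'attachment; filename="calc.exe"'})
BENIGN = ("http://example.test/readme.txt",
          {"Content-Type": "text/plain; charset=iso-8859-1"})

if __name__ == "__main__":
    for url, hdrs in (SUSPECT, BENIGN):
        print(url, check_download(url, hdrs) or "ok")
```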