A robust defense against Content-Sniffing XSS attacks

@article{Gebre2010ARD,
  title={A robust defense against Content-Sniffing XSS attacks},
  author={Meseret Gebre and Kyung-suk Lhee and Manpyo Hong},
  journal={6th International Conference on Digital Content, Multimedia Technology and its Applications},
  year={2010},
  pages={315-320}
}
Many Web sites, such as MySpace, Facebook and Twitter, allow their users to upload files. However, when a Web site's Content-Sniffing algorithm differs from a browser's Content-Sniffing algorithm, an attacker can often mount a Content-Sniffing XSS attack on the visitor. That is, by carefully embedding HTML code containing malicious script into a non-HTML file and uploading this file to the Web site, an attacker can deceive the visitor's browser into treating the file as an HTML file and running the…
This paper has 21 citations.
