![]() ![]() none will be found), but when the user asks to save that PDF, their request is "hijacked" and they are delivered the tainted PDF from Site B. The attacker alters the HTML of Site A (perhaps through an XSS or similar attack) to add the "data" element to the tag, which references the tainted PDF on Site B.ĭuring normal use, the user sees the PDF on Site A (which Site A can continue to scan for infection. Site B is an untrusted, attacker-operated site that provides an infected PDF. Site A, a semi-trusted site, provides a PDF for viewing to its users via the syntax. In what way is this comparable to request forgery? Thanks for flying air /r/netsec || CISO AMA w/ Michael Coates & Rich Mason.r/vrd - Vulnerability Research and Development r/rootkit - Software and hardware rootkits r/REMath - Math behind reverse engineering r/netsecstudents - netsec for noobs students r/Malware - Malware reports and information r/crypto - Cryptography news and discussion We're also on: Twitter, Facebook, & Google + Related Reddits » Our fulltext list of prohibited topics & sources Social ![]() ![]() No populist news articles (CNN, BBC, FOX, etc.) » Our fulltext discussion guidelines Prohibited Topics & Sources » Our fulltext content guidelines Discussion Guidelinesĭon't complain about content being a PDF.įollow all reddit rules and obey reddiquette. Hiring posts must go in the Hiring Threads. Non-technical posts are subject to moderation. r/netsec only accepts quality technical posts. "Give me root, it's a trust exercise." Featured Posts A community for technical news and discussion of information security and closely related topics. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |