[Tickets #5892] Re: Linked attachment feature vulnerability
bugs at bugs.horde.org
Sat Nov 17 06:05:46 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5892
-----------------------------------------------------------------------
Ticket | 5892
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | Linked attachment feature vulnerability
Queue | IMP
Version | 4.1.3
Type | Bug
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2007-11-16 22:05) wrote:
> I guess that won't do the job either, because it doesn't matter which
> extension you use: the jar: protocol will interpret it as if it were a
> jar file. I think that the solution begins with "hiding" the
> original attachment. Another Google example (this time a good one :P):
>
> http://mail.google.com/mail/?attid=0.1&disp=attd&view=att&th=1166689ac6fe384d
>
> I'm not sure, but I think that what happens in this situation is
> that an internal script is run and then you have access to the
> desired attachment. But not directly.
How does that help? By preventing the jar: prefix being on the URL,
because you've done a redirect? I guess that might make sense, and if
that's it that's a relatively simple change...
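Added example (not Horde/IMP code and not from either poster): a Python sketch of the two points the exchange above circles around, that a renamed archive is still an archive to the jar: handler, so an extension check buys nothing, and that the fix is to hand attachments out through a separate handler and a separate origin rather than as a direct file under the mail origin. The origins, the helper names and the sample attachment are assumptions made for the demo; IMP itself is PHP, so this is illustrative rather than a patch.

```python
"""Serving mail attachments so that a jar: URL cannot run in the mail origin.

Added example, not Horde/IMP code. Origins, helper names and the sample
attachment are assumptions made for this demo.
"""
import io
import mimetypes
import re
import zipfile
from typing import Dict

# Hypothetical deployment: the webmail UI lives at APP_ORIGIN; raw attachment
# bytes are handed out only from a separate, cookie-less origin.
APP_ORIGIN = "https://mail.example.org"           # assumption
ATTACHMENT_ORIGIN = "https://attach.example.net"  # assumption


def is_zip_container(data: bytes) -> bool:
    """True if the payload is a ZIP archive, whatever its name says.

    The thread's point: renaming .jar to .gif changes nothing, because the
    jar: handler only needs the bytes to be a ZIP. zipfile.is_zipfile looks
    for the end-of-central-directory record at the tail of the data, so it
    also catches a ZIP appended to a real image (a polyglot), which a
    magic-number check at offset 0 would miss.
    """
    return zipfile.is_zipfile(io.BytesIO(data))


def build_demo_polyglot() -> bytes:
    """Constructed sample: bytes that start like a GIF and end as a valid ZIP
    holding payload.html (the script body is inert here)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.html",
                    "<script>/* would run as the serving origin */</script>")
    return b"GIF89a" + buf.getvalue()


def unsafe_inline_headers(filename: str) -> Dict[str, str]:
    """The pattern the thread worries about: type guessed from the extension
    and rendered inline (and, see unsafe_attachment_url, under the mail
    origin)."""
    ctype, _ = mimetypes.guess_type(filename)
    return {
        "Content-Type": ctype or "application/octet-stream",
        "Content-Disposition": f'inline; filename="{filename}"',
    }


def unsafe_attachment_url(filename: str) -> str:
    """Direct link under the mail origin: jar:<this url>!/payload.html would
    run payload.html with APP_ORIGIN's cookies and same-origin access."""
    return f"{APP_ORIGIN}/attachments/{filename}"


def safe_filename(name: str) -> str:
    """Keep only characters that cannot break the Content-Disposition header."""
    last = name.replace("\\", "/").split("/")[-1]
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", last)
    return cleaned or "attachment"


def attachment_url(att_id: str) -> str:
    """Opaque id on the separate origin, never a path under APP_ORIGIN.

    A jar: URL wrapping this link runs its inner HTML as ATTACHMENT_ORIGIN,
    which holds no webmail session and is not same-origin with the UI.
    """
    return f"{ATTACHMENT_ORIGIN}/get/{att_id}"


def attachment_headers(filename: str, data: bytes) -> Dict[str, str]:
    """Response headers for the attachment download endpoint.

    Force a download with a fixed type and a sanitised name; the
    client-supplied extension is never used to pick the type. Origin
    separation (attachment_url) is what actually takes the mail origin out
    of reach; these headers are defence in depth.
    """
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_filename(filename)}"',
        "Content-Length": str(len(data)),
        "Cache-Control": "private, no-store",
    }


if __name__ == "__main__":
    blob = build_demo_polyglot()
    print("zip container:", is_zip_container(blob))
    print("unsafe:", unsafe_attachment_url("evil.gif"), unsafe_inline_headers("evil.gif"))
    print("safe:  ", attachment_url("a1b2c3"), attachment_headers("evil.gif", blob))
```

Whether a particular browser honours Content-Type or Content-Disposition when resolving a jar: URL is browser-specific and is not something this thread settles; the separate origin is the part that keeps the webmail session out of reach whatever the browser does, and reaching the bytes only through a handler with an opaque id is what the quoted poster is describing for the Google URL above.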