Not a google vuln. Hunt down MSFT to pay for your bug. Oh wait they dont pay for free research.. 0noz, you wont get any candy !
2011/1/27, IEhrepus <5up3r...@gmail.com>: > Security is a general,Many security issues are composed of many > different vulnerabilities of different factory. > > like " mhtml:http://www.google.com/gwt/n?u=[mhtml file url]!xxxx " this vul > > ---------------------------------------------------------------- > so we come back this vul need two Conditions > 1.www.google.com app don't filter the CRLF > 2.IE support mhtml protocol handler to render the mhtml file format, > and this is the why mhtml: is designed > -------------------------------------------------------------- > > Both are indispensable. so google's vul is that don't take into > account the security implications using mhtml, > > the MS vul is that "it does not honor Content-Type and related headers > (or even "nosniff")." like MZ saiy > > GG and MS ,both are vul... > > in addition, if MS saiy this is mhtml: 's original function, So google > is very dangerous to the user who using IE > > Even if MS fixed it. how about the google users who do not have time > to upgrade IE ? > > ----by superhei > hitest > > > > 2011/1/26 Michal Zalewski <lcam...@coredump.cx>: >>> 1.www.google.com app don't filter the CRLF >> >> This is not strictly required; there are other scenarios where this >> vulnerability is exploitable. >> >>> 2.IE support mhtml protocol handler to render the mhtml file format, >>> and this is the why mhtml: is designed >> >> The real problem is that when mhtml: is used to fetch the container >> over an underlying protocol, it does not honor Content-Type and >> related headers (or even "nosniff"). >> >> /mz >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/