[Full-disclosure] www.google.com xss vulnerability Using mhtml
lcamtuf at coredump.cx
Thu Jan 27 05:43:28 GMT 2011
> 1.www.google.com app don't filter the CRLF
This is not strictly required; there are other scenarios where this
vulnerability is exploitable.
> 2.IE support mhtml protocol handler to render the mhtml file format,
> and this is the why mhtml: is designed
The real problem is that when mhtml: is used to fetch the container
over an underlying protocol, it does not honor Content-Type and
related headers (or even "nosniff").
Full-Disclosure is hosted and sponsored by Secunia.