[Webkit-unassigned] [Bug 22199] Safari, like other browsers, actually parses and runs code in favicon.ico
bugzilla-daemon at webkit.org
Wed Nov 12 15:23:52 PST 2008
https://bugs.webkit.org/show_bug.cgi?id=22199
------- Comment #2 from scott at newgeo.com 2008-11-12 15:23 PDT -------
Here is the latest exploit I found on a server:
curl http://exploited.sesrver.example.com/favicon.ico
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a
href="http://87.248.180.90/in.html?s=sg_err">here</a>.</p>
<hr>
<address>Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.25
PHP/5.2.5 Server at example.com Port 80</address>
</body></html>
I can not replicate it here, and I do not have physical access to the above
server.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
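
An added example, not part of the original bug comment: one way to flag a favicon.ico response like the one quoted above, where the server answers with a redirect and an HTML body instead of an icon. The function names, the sample response and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Leading bytes of the image formats commonly served as favicons.
IMAGE_MAGIC = {
    b"\x00\x00\x01\x00": "ico",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\xff\xd8\xff": "jpeg",
}
# Body prefixes that indicate HTML or script rather than image data.
MARKUP = re.compile(rb"^\s*(<!doctype|<html|<script)", re.I)


def sniff_image(body):
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if body.startswith(magic):
            return kind
    return None


def audit_favicon(status, headers, body):
    """Return a list of findings for one favicon.ico response."""
    headers = {k.lower(): v for k, v in headers.items()}
    findings = []
    if 300 <= status < 400:
        findings.append("redirect to " + headers.get("location", "(no Location)"))
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype and not ctype.startswith("image/"):
        findings.append("non-image content-type " + ctype)
    if MARKUP.match(body):
        findings.append("body is markup, not an icon")
    elif body and sniff_image(body) is None:
        findings.append("body has no known image signature")
    return findings


# Constructed sample modelled on the response above; 192.0.2.10 is a placeholder.
SAMPLE_BODY = (b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
               b'<title>302 Found</title>\n</head><body>\n<p>The document has moved '
               b'<a href="http://192.0.2.10/in.html">here</a>.</p>\n</body></html>\n')
SAMPLE_HEADERS = {"Location": "http://192.0.2.10/in.html",
                  "Content-Type": "text/html; charset=iso-8859-1"}

if __name__ == "__main__":
    for finding in audit_favicon(302, SAMPLE_HEADERS, SAMPLE_BODY):
        print("favicon.ico:", finding)
```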