Talk:MHTML
Here is an interesting cross domain leakage hack that is implemented using mhtml
IE6.0 and IE7.0 Vulnerable to Complete Cross Domain Leakage
This is some of the worst ownage I’ve seen in a long time. Secunia announced a really nasty cross domain leak for Internet Explorer. This allows anyone with control over a webserver to control anything you do with any page you can connect to. It’s interesting that Secunia marked it as a “less critical” threat, as this pretty much gives any attacker read access to any domain anywhere as long as you are using Internet Explorer 6.0 or 7.0.
The only saving grace here is that it does require access to a server where you can write HTTP headers (or somewhere that you can do header injection/redirection) as you need to force the browser to go to a certain URL which then redirects to another URL. Here’s what the headers look like:

telnet secunia.com 80
Trying 213.150.41.226…
Connected to secunia.com.
Escape character is ‘^]’.
GET /ie_redir_test_1/1234 HTTP/1.0

HTTP/1.1 302 Found
Date: Thu, 19 Oct 2006 15:38:46 GMT
Server: Apache
Location: mhtml:http://secunia.com/ie_redir_test_2
Connection: close
Content-Type: text/html

telnet secunia.com 80
Trying 213.150.41.226…
Connected to secunia.com.
Escape character is ‘^]’.
GET /ie_redir_test_2 HTTP/1.0

HTTP/1.1 302 Found
Date: Thu, 19 Oct 2006 15:39:00 GMT
Server: Apache
Location: http://news.google.com/
Connection: close
Content-Type: text/html

At this point the client is redirected to the server as you (with your credentials) and it is returned as a cachable mhtml file that can be read via XMLHttpRequest since it “appears” to your browser to be located on the machine that did the redirection. Pretty clever. I’ve played around with these sorts of things before but was never successful (obviously I never tried mhtml). It seems to me that someone was saving this one.
And remember our nonces we were using to protect against CSRF? Well forget it, they’re readable by the cross domain leakage now. I don’t know why anyone would say this is a less critical risk as this is complete ownage of the entire internet for users of Internet Explorer. Hopefully Microsoft will patch this one quickly.
This entry was posted on Thursday, October 19th, 2006 at 8:49 am and is filed under XSS, Webappsec.
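A defender-side check for the redirect pattern quoted above, added here as an example and not part of the blog post or of this talk page: it scans logged HTTP response heads for 3xx redirects whose Location header uses the mhtml: scheme and reports the URL wrapped inside it. The sample responses, the function names and the example.test host are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: response heads as a proxy might log them, modelled on
# the two redirects quoted above plus two unrelated responses.
SAMPLE_RESPONSES = [
    "HTTP/1.1 302 Found\r\nServer: Apache\r\n"
    "Location: mhtml:http://secunia.com/ie_redir_test_2\r\nConnection: close\r\n\r\n",
    "HTTP/1.1 302 Found\r\nServer: Apache\r\n"
    "Location: http://news.google.com/\r\nConnection: close\r\n\r\n",
    "HTTP/1.1 301 Moved Permanently\r\n"
    "location:  MHTML:http://example.test/a!part\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
]

def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) for one response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def flag_mhtml_redirect(raw):
    """Return the URL wrapped by an mhtml: redirect, or None if the response is benign."""
    status, headers = parse_head(raw)
    location = headers.get("location", "")
    if not 300 <= status < 400:
        return None
    # URL schemes are case-insensitive, so compare on a lowercased prefix.
    if not location.lower().startswith("mhtml:"):
        return None
    inner = location[len("mhtml:"):]
    # In the mhtml: handler's syntax "!" separates the archive URL from a part name.
    return inner.split("!", 1)[0]

def scan(responses):
    """Return the wrapped URLs of every response that redirects into mhtml:."""
    return [t for t in map(flag_mhtml_redirect, responses) if t is not None]

if __name__ == "__main__":
    for target in scan(SAMPLE_RESPONSES):
        print("redirect into mhtml: handler ->", target, "host:", urlsplit(target).hostname)
```
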
Firefox support
Edit: 04/02/2008 (U.S. date format). This has changed. According to the previously mentioned bug (#18764) Firefox has supported MHT/MHTML since at least 2004-03-21 (see https://bugzilla.mozilla.org/show_bug.cgi?id=18764#c38). More specifically, the changelog shows: vladd@bugzilla.org 2004-04-08 03:20:05 PDT Summary RFE: Full rfc2557 MHTML multipart/related support in BROWSER Full rfc2557 MHTML multipart/related support in BROWSER.
- However, the bug does still show as open as of this date, so perhaps full functionality is not present or maybe someone just needs to verify the fix and close the bug. The writer lacks the skill and experience to do so.
--05:08, 3 April 2008 216.84.63.194
- Information on Firefox 3 should be included. 82.41.15.93 (talk) 02:50, 12 May 2008 (UTC)
- Having researched this further I found I was able to add functionality to FF3b5 (and all current versions it seems) by using an add-on, MAF, and changing it slightly. Should this be mentioned, or is it too obscure? 82.41.15.93 (talk) 03:49, 12 May 2008 (UTC)
Editing support
Hi, fellow Wikipedians
I rewrote the Editing Support section of this article. However, in order to provide verification I used the software program itself as the source and reference for verification, adding links to publicly-available trial versions wherever possible.
Now, using a software program as a source in Wikipedia, as far as I know, is legal: Many computer game articles (e.g. Final Fantasy X-2) are already doing this, referring to a specific dialog in a specific part of a computer game.
However, I understand that this type of source is, shall we say, expensive to verify. Therefore, if someone has better sources, please do not hesitate to modify current sources. In the meantime, please do not remove these sources if you do not have a better replacement, unless there is a change in Wikipedia rules. Fleet Command (talk) 09:25, 15 April 2008 (UTC)