ToorCon 9: URI use and abuse - Hack a Day

ToorCon 9: URI use and abuse

posted Oct 21st 2007 8:50pm by Eliot Phillips
filed under: misc hacks

[Nathan McFeters] and [Rob Carter] gave a presentation on the problems with URI handling. URIs are used to send commands to external applications from a web browser. itms:// for iTunes for example. Any application that registers a URI has the potential to be abused through this route. For their first example they showed a stack overflow in Trillian’s AIM handling. The next demo created a “Critical Update Available” button on Picasa’s interface. When the user clicked it, their photos would be uploaded to the attacker’s server. They even display a “download progress” bar to encourage the user to keep the connection open. You can read about the attack on cocontributor Billy Rios’s blog.

Comments [1]

tagged: toorcon, uri

Recent Posts

Build a camera boom at less than a grand (11/21/2009)
LED PDF from TI (KUWTA) (11/21/2009)
Review: mbed NXP LPC1768 microcontroller (11/21/2009)
Multixylophoniomnibus (11/20/2009)
Tube prototyping station (11/20/2009)

Reader Comments

Informated Article… Appreciated!

Posted at 8:09 am on Oct 24th, 2007 by Napul

Leave a Reply

Hack a Day serves up fresh hacks each day, every day from around the web and a special How-To hack each week.

Send us your hacks

Hacks

Resources

RSS newsfeeds

RSS news feed

Powered by WordPress

Most commented on (30 days)

Recent comments

James. Braselton on SSD upgrade for 24" iMac
dan on Unreasonably bright bike light apparently hunts deer
Guitar Tuition Reviews on Reverse geocache puzzle
ahvv on Giant bulb VU meter
cleide on JScanlogAlert Hardware network monitor
frank on Tube prototyping station
jeditalian on With Zipit, who needs a netbook?
Gregory on Canon PIXMA CD Printing
moo on Build a camera boom at less than a grand
Tomasz on Tauntaun costume