
This can't be used for XSS or the like, really. The way it works is that the PNG is first interpreted as HTML by the browser (hence the filename) and then it loads itself into an image tag, causing it to be interpreted as a PNG. Once it's loaded into the image tag, the image is drawn to a canvas so that the code -- embedded in the PNG -- can be extracted and executed.

While fun, the only real security concern here is that it's really good at pissing off IDSes.

Edit: I linked my article describing the technique in another comment here if you want to see how horrible it really is. I'm always both proud of and disgusted by myself for this technique.



It did actually uncover something. A huge leak in chrome for me. While this is running Chrome memory usage just climbs and climbs. http://dl.dropbox.com/u/586869/Screenshots/chrome%20leak.png


I just dug into it and can confirm. The MIME type is returned as text/html and the browser reads it as such. Still very clever.

It's actually kind of a good test of browser compliance in a sick way.
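The two comments above describe the same thing from both ends: a PNG body that the server labels text/html, which the browser then parses as markup. A defender-side check for that condition is to compare the declared Content-Type with the file's magic bytes and to look for HTML tags inside what claims to be an image. The following is an added example written for this thread, not code from any commenter or from the linked article; the function names, the tag list and the sample bodies are all constructed for illustration.

```python
import re

# Every PNG file begins with this fixed 8-byte signature.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Tag names that have no business appearing inside an image body.
# Matching is case-insensitive because browsers parse tags that way.
HTML_MARKERS = re.compile(rb"<\s*(script|img|canvas|html|body)\b", re.IGNORECASE)


def inspect_response(content_type: str, body: bytes) -> dict:
    """Compare the declared MIME type with what the bytes actually are.

    Returns a dict of findings. 'polyglot_suspect' is True when the body
    carries the PNG signature yet is either declared as HTML or contains
    HTML tags, which is the shape of the trick discussed in the thread.
    """
    declared = content_type.split(";")[0].strip().lower()
    is_png = body.startswith(PNG_SIGNATURE)
    has_html = HTML_MARKERS.search(body) is not None
    return {
        "declared_type": declared,
        "png_signature": is_png,
        "html_markers": has_html,
        "type_mismatch": is_png and declared != "image/png",
        "polyglot_suspect": is_png and (declared == "text/html" or has_html),
    }


def scan_samples(samples):
    """Run inspect_response over (name, content_type, body) triples."""
    return [(name, inspect_response(ct, body)) for name, ct, body in samples]


# Constructed samples (not real captures): a plain PNG served correctly,
# a PNG body served as HTML, a PNG whose trailing bytes contain HTML tags,
# and an ordinary HTML page for comparison.
SAMPLES = [
    ("normal.png", "image/png",
     PNG_SIGNATURE + b"\x00\x00\x00\rIHDR" + b"\x00" * 16),
    ("served_as_html.png", "text/html; charset=utf-8",
     PNG_SIGNATURE + b"\x00" * 16),
    ("tags_in_body.png", "image/png",
     PNG_SIGNATURE + b"\x00" * 8 + b"<canvas></canvas><script></script>"),
    ("page.html", "text/html",
     b"<html><body>hello</body></html>"),
]

if __name__ == "__main__":
    for name, finding in scan_samples(SAMPLES):
        flag = "SUSPECT" if finding["polyglot_suspect"] else "ok"
        print(f"{name:22} {flag:8} {finding}")
```

The check is deliberately cheap so it can sit in a proxy or a log-enrichment step; the fix on the serving side is to derive Content-Type from the bytes rather than from the filename, since a file that is served as text/html is parsed as HTML no matter what extension it carries.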


The Duff's Device of browsers? :)



