On Tue, Mar 31, 2009 at 2:23 PM, Adrien de Croy <adrien@qbik.com> wrote:
> Do servers sniff to try and fill in the Content-Type field?

Yes. We found this is quite common when we examined open-source Web applications that accept user uploads. For example, Wikipedia does this.

> Most I think have a fairly simplistic static mapping of file extension to Content-Type.

This is how Apache works.

> Many types of content already have a signature in them which can be used to
> determine type. e.g jpegs, gifs etc.

Wikipedia uses this technique. Mismatches between a site's sniffing algorithm and the user agent's sniffing algorithm often lead to exploitable vulnerabilities. See Section 2.5 of http://www.adambarth.com/papers/2009/barth-caballero-song.pdf for two concrete examples of how this happens.

Adam

Received on Tuesday, 31 March 2009 21:27:22 GMT
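
The mismatch described in the message above, as an added example that is not part of the original post or the cited paper: an upload check that compares a site-side signature test with a simplified model of a content-sniffing client and rejects files on which the two disagree. Both sniffers, the signature table, the 256-byte window and the sample inputs are assumptions made for illustration, not the algorithm of Wikipedia, Apache or any real browser.

```python
# Added example: compare a site-side signature check with a simplified
# model of a content-sniffing user agent. Both sniffers are hypothetical.

SIGNATURES = {            # leading-byte signatures the site trusts
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
}
HTML_HINTS = (b"<html", b"<head", b"<body", b"<script", b"<!doctype html")
SNIFF_WINDOW = 256        # assumed number of leading bytes the client inspects


def site_sniff(data: bytes) -> str:
    """Site-side check: trust the first matching prefix signature."""
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def client_sniff_model(data: bytes) -> str:
    """Simplified client model: HTML anywhere in the window wins."""
    window = data[:SNIFF_WINDOW].lower()
    if any(hint in window for hint in HTML_HINTS):
        return "text/html"
    return site_sniff(data)


def check_upload(data: bytes) -> tuple[bool, str]:
    """Accept only if both views agree on an allowed image type."""
    site, client = site_sniff(data), client_sniff_model(data)
    if site == "application/octet-stream":
        return False, "no recognised image signature"
    if site != client:
        return False, f"sniffing mismatch: site={site}, client model={client}"
    return True, site


# Constructed sample inputs (not real files).
PLAIN_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff,"
MIXED = b"GIF89a<html><body>hello</body></html>"

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_GIF), ("mixed", MIXED)):
        print(name, check_upload(blob))
```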
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:35 GMT