- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 31 Mar 2009 14:26:31 -0700
- To: Adrien de Croy <adrien@qbik.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org

On Tue, Mar 31, 2009 at 2:23 PM, Adrien de Croy <adrien@qbik.com> wrote:
> Do servers sniff to try and fill in the Content-Type field?

Yes. We found this is quite common when we examined open-source Web applications that accept user uploads. For example, Wikipedia does this.

> Most I think have a fairly simplistic static mapping of file extension to Content-Type.

This is how Apache works.

> Many types of content already have a signature in them which can be used to
> determine type. e.g. jpegs, gifs etc.

Wikipedia uses this technique.

Mismatches between a site's sniffing algorithm and the user agent's sniffing algorithm often lead to exploitable vulnerabilities. See Section 2.5 of http://www.adambarth.com/papers/2009/barth-caballero-song.pdf for two concrete examples of how this happens.

Adam

Received on Tuesday, 31 March 2009 21:27:22 UTC
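
An added example, not part of the message above or of any project it mentions: a server-side upload check that compares the extension mapping with the content signature, then also rejects files whose leading bytes contain HTML markers, since a signature-only check and a user agent's sniffer can disagree about such a file. The marker list, the 256-byte window, the function names and the sample bytes are assumptions constructed for illustration, not any particular browser's algorithm.

```python
# Added example: upload vetting that accounts for sniffing mismatches.
# SIGNATURES, HTML_MARKERS and SNIFF_WINDOW are illustrative assumptions.
SIGNATURES = {
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
}
EXTENSION_MAP = {"jpg": "image/jpeg", "jpeg": "image/jpeg",
                 "gif": "image/gif", "png": "image/png"}
HTML_MARKERS = (b"<html", b"<head", b"<body", b"<script", b"<iframe", b"<!doctype")
SNIFF_WINDOW = 256  # assumed number of leading bytes a client-side sniffer inspects


def type_from_extension(filename):
    """Static extension-to-type mapping, the simple approach from the thread."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXTENSION_MAP.get(ext)


def type_from_signature(data):
    """Signature (magic byte) check, the other approach from the thread."""
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def looks_like_html(data):
    """True if the leading window holds markers an HTML sniffer may key on."""
    head = data[:SNIFF_WINDOW].lower()
    return any(marker in head for marker in HTML_MARKERS)


def vet_upload(filename, data):
    """Return (decision, detail); accept only if every view of the file agrees."""
    by_ext = type_from_extension(filename)
    by_sig = type_from_signature(data)
    if by_ext is None or by_sig is None:
        return ("reject", "unknown extension or signature")
    if by_ext != by_sig:
        return ("reject", "extension and signature disagree")
    if looks_like_html(data):
        return ("reject", "valid signature but HTML markers in sniff window")
    return ("accept", by_sig)


# Constructed sample inputs (not taken from any real upload).
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff,"
             b"\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
MIXED_GIF = b"GIF89a<html><body>constructed sample</body></html>"
```

`MIXED_GIF` passes `type_from_signature` as `image/gif`, which is why the extra `looks_like_html` step is needed before the file is stored and served.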