Questions tagged [mime-type]

12 questions
6
votes
1 answer

MIME types that allow XSS in modern browsers

Assume that it is possible to host arbitrary files on goodguys.com, which are delivered with an attacker-controlled MIME type and X-Content-Type-Options=nosniff. Which MIME types allow for XSS when used as src of an iframe, target of a link or in…
3
votes
2 answers

Is it necessarily Content spoofing if the content type of the response does not match the content type of the request?

The security team of my company is stating that content spoofing occurs when they send a different "content-type" for an HTTP request that only accepts JSON content type, and the server response is an error HTML page, naturally with content type…
theeDude
2
votes
2 answers

File upload not checking on mime type

So, I have an upload functionality where extension of the filetype is checked correctly (and not currently bypassable). But the mime type is not checked. Does this leave me with some residual risk or possible "attacks"? Where I mean attacks in a…
Wealot
2
votes
3 answers

MIME Type vs. Magic Numbers

I'm interested in a comparison of the two with regards to what's more secure when uploading files on a website (that I'm a programmer for). Mozilla's page about MIME Types states that "On the Web, only the MIME type is relevant and should be set…
nsaigal
1
vote
0 answers

Letting attacker control content-type, why is this safe?

I found a strange behavior of Shopify, where an attacker can change the extension on a URL and the backend will send back an HTTP content-type matching that extension, for each of these extensions: atom: application/atom+xml, bmp: image/bmp, css:…
Gavin Wahl
1
vote
1 answer

Is XSS via MIME sniffing a Stored or Reflected XSS?

The title says it all. I understand how to exploit XSS via MIME sniffing, but the question is, do you call this type of XSS stored or reflected? OWASP says Stored attacks are those where the injected script is permanently stored on the target…
Izy-
1
vote
2 answers

Why is "Generic MIME used" a security vulnerability?

Some web application security scanners like Skipfish report the vulnerability "Generic MIME used". In my case this vulnerability was reported for resources like http://my_site/fonts/fontawesome-webfont.ttf, for which Content-Type header returned with…
user187205
1
vote
0 answers

Writing an automated browser - is it risky to accept downloads of any mime type?

Background about my app: I have a browser macro-recording app built with Selenium. Basically users can use Firefox like normal and record their actions into macros to replay. Question: In Selenium, I can only download files if I whitelist the mime…
max pleaner
1
vote
1 answer

Secure Image Upload, or Bypassing PHP mime-type Check

When securing image uploads there are basically three approaches I know of (of course, ideally, all three are used): check file extension; store uploaded files in non-executable directory outside the webroot; check content/mime type of the file. For…
tim
0
votes
1 answer

Is it bad to upload a file with an extension like .sh.jpg in FastAPI?

Let's say I have a file named foo.sh.jpg or foo.exe.jpg. FastAPI automatically assigns a content-type: image/jpeg in both cases so if you check the MIME type you technically have an image. I wanted to know if by also having a .sh extension it could…
0
votes
1 answer

Is mime-sniffing still something to protect against with modern browsers (with X-Content-Type-Options)?

I have read about X-Content-Type-Options and it says often that it protects against IE mime sniffing problems. I am wondering if in 2021 it is still valid and a problem for modern browsers? In other words, will it be beneficial for my web server…
Ilya Chernomordik
0
votes
0 answers

How to intercept application specific MIME types used by 3rd party (Windows) browser/plugins apps?

I'm trying to intercept and decipher scripted code that is sent to a previously installed Windows application, after a user has clicked on a particular URL in their web browser which is somehow returning a MIME response that is intercepted by the…
not2qubit