
J1.5

Possible IE XSS Attack

From Joomla! Documentation

Revision as of 19:20, 1 September 2013 by Tom Hutchison (Talk | contribs)

This Namespace has been archived - Please Do Not Edit or Create Pages in this namespace. Pages contain information for a Joomla! version which is no longer supported. It exists only as a historical reference, will not be improved and its content may be incomplete.

This check ensures that an uploaded image doesn't flip IE6 into one of its weird quirks, where it takes a perfectly valid-looking image and treats it as a web page. This creates the potential for an XSS attack wherein an uploaded file can be run on the server. It appears that this has been fixed in IE7 or greater.

The Joomla Media Manager runs a few checks to try to ensure that what is being uploaded is sane. If the file is an image, it attempts to check that the image has valid dimensions; for other file types, it attempts to validate that the MIME type is correct using fileinfo or mime magic. If you're an administrator or higher (super admin), these checks can be bypassed. The XSS check can't be bypassed, and it is run even if all other checks pass.

Typically, if you have a look at the EXIF data of the image, there will be something resembling HTML that could trip IE up. The check errs on the safe side and prevents the upload. Stripping the HTML from the image metadata should fix the problem.
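The kind of check described above, sketched as an added example (it is not Joomla's own code): it scans the leading bytes of an upload for HTML-like tags and reports where they occur, which helps locate the metadata field that needs cleaning. The function name, the tag list and the 256-byte window are assumptions made for this example.

```php
<?php
// Added example, not Joomla's code. Tag list and 256-byte window are assumptions.

/**
 * Find HTML-like tags in the leading bytes of an uploaded file.
 * Returns a list of array('tag' => name, 'offset' => byte position of '<').
 */
function findHtmlLikeTags(string $bytes, int $window = 256): array
{
    // Assumed, non-exhaustive set of tag names to look for.
    $tags = array('a', 'b', 'body', 'div', 'head', 'html', 'iframe', 'img',
                  'link', 'meta', 'object', 'p', 'pre', 'script', 'style',
                  'table', 'title');
    $head = substr($bytes, 0, $window);

    // "<tag" followed by whitespace, "/" or ">", case-insensitive, byte-wise.
    $pattern = '#<(' . implode('|', $tags) . ')(?=[\s/>])#i';
    $hits = array();
    if (preg_match_all($pattern, $head, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[1] as $match) {
            // $match is array(matched name, offset of the name); '<' is one byte earlier.
            $hits[] = array('tag' => strtolower($match[0]), 'offset' => $match[1] - 1);
        }
    }
    return $hits;
}

// Constructed samples: a JPEG start marker plus a comment (COM) segment.
// They are not complete images; only the leading bytes matter here.
$flagged = "\xFF\xD8\xFF\xFE\x00\x1E<title>Holiday photo</title>\xFF\xD9";
$clean   = "\xFF\xD8\xFF\xFE\x00\x0FHoliday photo\xFF\xD9";

foreach (array('flagged' => $flagged, 'clean' => $clean) as $name => $bytes) {
    $hits = findHtmlLikeTags($bytes);
    if (!$hits) {
        echo "$name: no HTML-like tags in the first 256 bytes\n";
        continue;
    }
    foreach ($hits as $hit) {
        echo "$name: <{$hit['tag']}> at byte offset {$hit['offset']}\n";
    }
}
```

To test a real file, pass `file_get_contents($path, false, null, 0, 256)` as the first argument. A reported offset points at the metadata text to strip before uploading again.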

Further Reading