Blog Post on Type Confusion and Content Sniffing

[HockeyInJune]

Research Type Confusion and Content Sniffing, and build a working payload for a vulnerable browser (like IE 6).

Often not discussed, this complex vulnerability has huge ramifications on the web. Although having multiple short bursts of popularity with GIFAR and JPEGZIP, this vulnerability still doesn't have an OWASP page. Please feel free to add any more resources you find on this subject.

General Information

• http://www.gnucitizen.org/blog/java-jar-attacks-and-features/
• http://www.adambarth.com/papers/2009/barth-caballero-song.pdf
• http://code.google.com/p/browsersec/wiki/Part2#Content_handling_mechanisms
• http://riosec.com/how-to-create-a-gifar
• http://software.imdea.org/~juanca/papers/caballero_thesis_sep2010.pdf (Section 6.2)
• http://www.zdnet.com/blog/security/black-hat-sneak-preview/1619
• http://www.zdnet.com/blog/security/on-gifars/1635
• http://heasman.blogspot.com/2008/08/on-gifars.html
• http://riosec.com/more-on-gifars-and-other-java-smuggling-fun
• https://bugzilla.mozilla.org/show_bug.cgi?id=175848
• http://security.stackexchange.com/questions/12896/does-x-content-type-options-really-prevent-content-sniffing-attacks
• https://www.owasp.org/index.php/Podcast_13

Solutions and Responses

• http://securethoughts.com/2009/01/easy-server-side-fix-for-the-gifar-security-issue/
• http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx