A robust defense against Content-Sniffing XSS attacks

Many Web sites, such as MySpace, Facebook and Twitter, allow their users to upload files. However, when a Web site's content-sniffing algorithm differs from a browser's content-sniffing algorithm, an attacker can often mount a content-sniffing XSS attack on the site's visitors: by carefully embedding HTML containing malicious script into a non-HTML file and uploading that file to the Web site, the attacker can deceive a visitor's browser into treating the file as HTML and executing the script. Such attacks can be avoided if files uploaded to the server are checked for HTML content before they are stored and served. In this paper we propose a server-side ingress filter that aims to protect vulnerable browsers which may treat non-HTML files as HTML. Our filter examines user-uploaded files against a set of potentially dangerous HTML elements, expressed as a set of regular expressions. The results of our experiments show that the proposed automata-based scheme is highly efficient and more accurate than the existing signature-based approach.
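The kind of server-side ingress filter the abstract describes, as an added example in Python (this is not the paper's own code, and the abstract does not give the paper's element set; the tag list below is a hypothetical one modeled on the text/html signatures in the WHATWG MIME Sniffing standard, and the sample uploads are constructed byte strings, not real files):

```python
import re
from typing import Optional, Tuple

# Hypothetical element list for this example, modeled on the text/html
# signatures in the WHATWG MIME Sniffing standard (each is a tag name a sniffer
# accepts when it directly follows '<' and is terminated by whitespace or '>').
# The paper's own element set is not given in the abstract.
HTML_TAG_PATTERNS = [
    r"!DOCTYPE\s+HTML", "HTML", "HEAD", "SCRIPT", "IFRAME", "H1", "DIV",
    "FONT", "TABLE", "A", "STYLE", "TITLE", "B", "BODY", "BR", "P",
]

# One combined, case-insensitive pattern over bytes (uploads are bytes, not str):
# '<', optional whitespace, optional '/', optional whitespace, then a tag name
# that must be followed by whitespace, '>' or '/'; or an HTML comment opener.
# Allowing whitespace after '<' is deliberately more conservative than real
# browsers: a false positive costs one rejected upload, a false negative an XSS.
_HTML_RE = re.compile(
    rb"<(?:!--|\s*/?\s*(?:"
    + b"|".join(p.encode("ascii") for p in HTML_TAG_PATTERNS)
    + rb")(?=[\s>/]))",
    re.IGNORECASE,
)


def find_html(data: bytes, window: Optional[int] = None) -> Optional[str]:
    """Return the first HTML construct found in the sniffable part of `data`, or None.

    `window` limits the scan to the first N bytes, modelling the prefix a given
    browser's sniffer inspects. Browsers differ in that length (and it has changed
    across versions), so the safe default scans the whole file.
    """
    region = data if window is None else data[:window]
    m = _HTML_RE.search(region)
    return m.group(0).decode("latin-1") if m else None


def accept_upload(data: bytes, declared_type: str) -> Tuple[bool, str]:
    """Ingress decision for an upload: reject anything a browser could sniff as HTML.

    Returns (accepted, reason). Uploads declared as text/html are rejected outright,
    on the assumption (ours, for this example) that the site hosts no user HTML.
    """
    if declared_type.split(";")[0].strip().lower() == "text/html":
        return False, "HTML uploads are not accepted"
    hit = find_html(data)
    if hit is not None:
        return False, f"non-HTML upload ({declared_type}) contains HTML construct {hit!r}"
    return True, "ok"


# Constructed sample uploads (not real files). Both start with the PNG magic, so a
# naive server-side type check passes them; the second embeds HTML in what looks
# like a tEXt chunk, which is the polyglot a content-sniffing XSS attack relies on.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
CLEAN_PNG = PNG_MAGIC + b"\x00\x00\x00\x0dIHDR" + bytes(64)
POLYGLOT_PNG = (
    PNG_MAGIC
    + b"\x00\x00\x00\x40tEXt"
    + b"<html><body><script>alert(document.cookie)</script></body></html>"
    + bytes(16)
)

if __name__ == "__main__":
    for name, blob in [("clean.png", CLEAN_PNG), ("polyglot.png", POLYGLOT_PNG)]:
        ok, why = accept_upload(blob, "image/png")
        print(f"{name}: {'ACCEPT' if ok else 'REJECT'} ({why})")
```

Folding the whole element set into one alternation is what lets a DFA-based engine (RE2 or Hyperscan, for instance) compile the rule set into a single automaton that scans each byte once, which is the property the abstract's "automata-based" scheme is after. Python's `re` is a backtracking engine, so this example reproduces the rule set and the decision, not the paper's measured performance. Note also that the filter only needs to see the bytes a browser's sniffer would see, but because that prefix length varies by browser, scanning the whole file is the conservative choice.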