Both browsers and popular web servers include so-called MIME-sniffing functionality. This is an underestimated security risk and a vector for Cross-Site Scripting vulnerabilities.
The interaction of web servers, browsers, standards and web applications creates problems where it is often unclear who is responsible for a vulnerability and who should fix it.
Existing standards almost inevitably lead to vulnerabilities in common web application scenarios. Existing security measures like "X-Content-Type-Options: nosniff" are incomplete and don't provide the expected protection.
The talk will explain the general problem and three practical vulnerabilities in the content management systems WordPress and Joomla and in the mailing list software Mailman. The latter affects almost every Mailman installation with publicly accessible web archives. Further vulnerable components include Edge, Firefox, the Apache web server and Caddy.
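As an added example (not from the talk or the speaker), a small defender-side audit that checks HTTP responses for the conditions the abstract names: a missing Content-Type, a missing X-Content-Type-Options: nosniff header, and a body that looks like HTML but is declared as something else. The sample responses are constructed; a clean result only means these particular checks passed, not that sniffing is impossible.

```python
"""Audit raw HTTP responses for MIME-sniffing exposure (added example)."""
import re

# Markers a browser's sniffer commonly treats as HTML when they appear early in a body.
HTML_MARKERS = re.compile(rb"<\s*(!doctype\s+html|html|script|body|head)\b", re.I)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode().lower()] = value.strip().decode()
    return lines[0].decode(), headers, body


def audit(raw: bytes) -> list:
    """Return a list of finding strings for one raw response (empty list = no finding)."""
    _, headers, body = parse_response(raw)
    findings = []
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    nosniff = headers.get("x-content-type-options", "").strip().lower() == "nosniff"
    if not ctype:
        findings.append("missing Content-Type: browser will sniff the body")
    if not nosniff:
        findings.append("missing X-Content-Type-Options: nosniff")
    # Only the first kilobyte matters to most sniffers, so that is all we inspect.
    if ctype != "text/html" and not nosniff and HTML_MARKERS.search(body[:1024]):
        findings.append(f"HTML-like body declared as {ctype or 'nothing'}: sniffable as HTML")
    return findings


# Constructed sample responses, not captured traffic.
SAMPLE_RESPONSES = {
    "hardened": (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\n"
                 b"X-Content-Type-Options: nosniff\r\n\r\n<html><body>hello</body></html>"),
    "no_ctype": b"HTTP/1.1 200 OK\r\nContent-Length: 30\r\n\r\n<html><body>hello</body></html>",
    "plain_html": (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                   b"<!DOCTYPE html><html><body>hello</body></html>"),
}


def audit_all(samples=SAMPLE_RESPONSES) -> dict:
    """Run audit() over every sample and map its name to its findings."""
    return {name: audit(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "->", findings or "ok")
```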
Presented at Security Fest 2019.

Speakers: Hanno Böck
Hanno Böck is a hacker and freelance journalist. He is a regular writer for the German online IT magazine Golem.de and writes the monthly Bulletproof TLS Newsletter. He discovered the ROBOT attack against TLS implementations, which was awarded a Pwnie Award in 2018. He has spoken previously at conferences such as DEF CON, Black Hat and CCC.