Bugtraq mailing list archives
Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability
From: Paul Szabo <psz () maths usyd edu au>
Date: Sun, 18 May 2008 08:12:20 +1000
Yossi Yakubov wrote in http://www.securityfocus.com/archive/1/492202 :
if you, apache guys will set 403 page's charset ...
Done, as per http://www.securityfocus.com/archive/1/492094 :
All [current] releases include fixes ...
... change manually the ecnoding in Firefox to UTF-7 ... There is no problem to trick the victim and force him to change the encoding of his browser by little social engineering.
See https://bugzilla.mozilla.org/show_bug.cgi?id=408457 about how this can be better exploited. Cheers, Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Current thread:
- Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 09)
- <Possible follow-ups>
- Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 10)
- Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 12)
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 12)
- Message not available
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 15)
- Message not available
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 15)
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Jon Ribbens (May 16)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 17)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Paul Szabo (May 19)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tim (May 19)
- Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability William A. Rowe, Jr. (May 19)
- Re: Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 19)