Vulnerability Development mailing list archives
Re: IIS and unicode
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 26 Oct 2000 00:49:17 +0200
Well, I'm only remotely familiar with unicode, but... unicode is the same standard all over the world (only some terminals can't display certain characters), and english systems supports unicode as well today. Running english versions probably won't help one bit. In windows, unicode is becoming a deeply built-in standard, supported by most APIs. Ps. unicode = 2 byte character is only true for raw unicode. As an example, the UTF-8 standard is based around 7/8bit ascii but with unicode extesions. Any ASCII file is a UTF-8 file, but not vice-versa. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe On Tue, 24 Oct 2000, aliver vilereal wrote:
ok, is it true that the unicode exploit only works under foreign machines that use 2-byte characters? if so, how can i check (in a http response) if this is a vulnerable system. i have heard that english systems are also vulnerable, but require a differnt string to be passed to them, is this true? thank you for your help aliver vilereal ubermother
Current thread:
- IIS and unicode aliver vilereal (Oct 26)
- Re: IIS and unicode Robert A. Seace (Oct 26)
- Re: IIS and unicode Bluefish (P.Magnusson) (Oct 26)
- <Possible follow-ups>
- Re: IIS and unicode Ryan Yagatich (Oct 27)