Full Disclosure mailing list archives
IE 6 XSS
From: Roland Postle" <mail () blazde co uk (Roland Postle)
Date: Thu, 05 Sep 2002 02:36:03 +0100
Ahhh - time to bust out the old Unicode tekniqz... http://www.ebay.com%25%32%46%40www%2emsn%2ecom/ http://www.ebay.com%252f%40www%2emsn%2ecom/ http://www.ebay.com%25%32%46%40%57%57%57%2e%4d%53%4e%2e%43%4f%4d/
Myth. It's not unicode, just URL encoded ISO-Latin. There is currently no way to put unicode in URLs, don't let that similar looking 'extended unicode directory traversal' thingy in IIS last year confuse you. That was just IIS misinterpretting the request. Probably Microsoft trying to 'extend' the standard to include unicode. And.... I don't see how it's XSS either. And.... it's not tekniqz, it's techniques :D - Blazde
Current thread:
- IE 6 XSS fooldisclosure () hushmail com (Sep 04)
- IE 6 XSS <mail () blazde co uk (Roland Postle) (Sep 04)