Full Disclosure mailing list archives
[Fwd: Re: Apache Illegal Request Handling Possible XSS Vulnerability]
From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 25 Apr 2007 08:51:57 +0300
oops, missed the CC to list
--- Begin Message ---
From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 25 Apr 2007 08:51:19 +0300
On Tue, 2007-04-24 at 11:24 +0200, Guasconi Vincent wrote:
> <?php
> echo htmlentities($_SERVER['REQUEST_METHOD']);
> echo htmlentities($_SERVER['SERVER_PROTOCOL']);
> ?>
>
> Sorry but, where's the hole? (^-^)

Hole is that you can still pass utf7 through it. htmlentities knows nothing about context encoding.

echo "<script>alert('BEeF');</script>" | iconv -f utf8 -t utf7
+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4

Tõnu
--- End Message ---
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
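An added example, not part of the original message: a Python check that flags request values whose markup characters only appear once the value is read as UTF-7, together with a response helper that escapes the value and pins the charset so the browser has no encoding left to guess. The names `utf7_hidden_markup`, `render` and `scan` are hypothetical, and the sample inputs are constructed apart from the iconv output quoted in the post.

```python
import html

MARKUP = set("<>\"&")

def utf7_hidden_markup(value: str) -> set:
    """Markup characters that appear only once `value` is read as UTF-7."""
    raw = value.encode("utf-8", "replace")
    # A trailing "-" closes a shift sequence left open at end of input
    # (the post's string ends in "+AD4"); otherwise it is a literal "-".
    decoded = (raw + b"-").decode("utf-7", "replace")
    return (MARKUP & set(decoded)) - set(value)

def render(value: str):
    """Escape `value` and declare the charset the escaping assumes."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    body = "<p>Method: " + html.escape(value, quote=True) + "</p>"
    return headers, body

# Constructed sample inputs; the second is the iconv output from the post.
SAMPLES = [
    "GET",
    "+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4",
    "1+1=2 & more",
]

def scan(samples):
    """Return (value, hidden markup characters) for each flagged sample."""
    flagged = []
    for s in samples:
        hidden = utf7_hidden_markup(s)
        if hidden:
            flagged.append((s, sorted(hidden)))
    return flagged

if __name__ == "__main__":
    for value, hidden in scan(SAMPLES):
        print("UTF-7 encoded markup", hidden, "in", repr(value))
    # Escaping leaves the UTF-7 shift sequences in place; the explicit
    # charset in the header is what fixes how the browser decodes the body.
    print(render(SAMPLES[1]))
```

Entity escaping leaves the `+ADw-` and `+AD4-` sequences in the body unchanged, which is the gap the post describes; the declared charset is what keeps them from being interpreted as markup.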