Full Disclosure mailing list archives

[Fwd: Re: Apache Illegal Request Handling Possible XSS Vulnerability]


From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 25 Apr 2007 08:51:57 +0300

oops, missed the CC to list
--- Begin Message ---
From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 25 Apr 2007 08:51:19 +0300
On Tue, 2007-04-24 at 11:24 +0200, Guasconi Vincent wrote:

> <?php
>         echo htmlentities($_SERVER['REQUEST_METHOD']);
>         echo htmlentities($_SERVER['SERVER_PROTOCOL']);
> ?>
>
> Sorry but,
> where's the hole? (^-^)

The hole is that you can still pass UTF-7 through it. htmlentities knows
nothing about context encoding.

echo "<script>alert('BEeF');</script>" | iconv -f utf8 -t utf7

+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4



  Tõnu

--- End Message ---
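An added illustration of the point made in the message above (example code, not from the thread or from Apache): the UTF-7 string survives htmlentities-style escaping untouched because it contains no `<`, `>` or `&`, and only becomes markup once a browser with no declared charset guesses UTF-7. The hardening function is an assumed design (pin the response charset, decode request bytes strictly before escaping); `html.escape` is used as a stand-in for htmlentities.

```python
from __future__ import annotations

import html

# Constructed sample: the UTF-7 form of <script>alert('BEeF');</script> shown in
# the message above (`iconv -f utf8 -t utf7`), with the optional closing '-' added.
UTF7_SAMPLE = "+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4-"


def escape_like_htmlentities(s: str) -> str:
    """Mimic what htmlentities() does to the characters that matter here:
    it rewrites literal &, < and > only. A UTF-7 string contains none of
    them, so it passes through unchanged."""
    return html.escape(s, quote=False)


def as_seen_by_utf7_sniffing_browser(escaped: str) -> str:
    """What a browser that guessed UTF-7 (no charset declared) makes of the
    escaped output. Invalid UTF-7 is returned as-is (an assumption of this
    example; real browsers are more lenient, which only strengthens the point)."""
    try:
        return escaped.encode("ascii").decode("utf-7")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return escaped


def escape_is_defeated(user_input: str) -> bool:
    """Check: does the escaped output still turn into markup once interpreted
    as UTF-7? True means escaping alone is not enough for this page."""
    rendered = as_seen_by_utf7_sniffing_browser(escape_like_htmlentities(user_input))
    return "<" in rendered or ">" in rendered


def render_hardened(raw_input: bytes) -> tuple[dict, str]:
    """Mitigation (assumed design): pin the response charset so the browser
    cannot sniff UTF-7, and decode the request bytes strictly as that charset
    before escaping. Returns (response headers, body)."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    text = raw_input.decode("utf-8")  # strict: raises on invalid byte sequences
    return headers, html.escape(text, quote=True)
```

With the charset pinned, the body still carries the literal `+ADw-...` text, which is harmless in a page the browser decodes as UTF-8.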
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
