WebApp Sec mailing list archives

Re: [Webappsec] script inside .txt file


From: Josh Zlatin-Amishav <josh () ramat cc>
Date: Wed, 25 Apr 2007 03:33:06 -0400 (EDT)

On Tue, 24 Apr 2007, prashant k v wrote:


 I am using Apache HTTP Server 2.0.59 and IE 7. This problem doesn't occur in Mozilla; <script>alert('hello');</script> is displayed as it is.

 Can anyone help me solve this?

Mozilla interprets a text file as text while IE is a little too
"helpful" in rendering everything as HTML. Darn standards compliant browsers.
Are you able to change the upload file type, to say PHP? That would get a lot
more interesting then.

--
 - Josh
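
A server-side check for the behaviour discussed in this message, as an added example that is not part of the original post or of any project named in it: it flags uploaded "text" files containing markup a sniffing browser could render as HTML and builds response headers that keep the file from rendering inline. The tag list and the function names `looks_like_html`, `download_headers` and `review_upload` are assumptions made for illustration.

```python
import re

# Constructed list (assumption): tags a sniffing browser may take as proof of HTML.
HTML_TAGS = (b"html", b"head", b"title", b"body", b"script", b"iframe",
             b"a", b"img", b"table", b"pre", b"plaintext")
TAG_RE = re.compile(rb"<\s*(?:" + b"|".join(HTML_TAGS) + rb")\b", re.IGNORECASE)


def looks_like_html(data: bytes) -> bool:
    """True if the bytes contain a tag that could make a browser sniff HTML."""
    return TAG_RE.search(data) is not None


def download_headers(filename: str) -> dict:
    """Headers for serving an uploaded text file without inline rendering."""
    # Keep a conservative character set so the name cannot break out of the header.
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download.txt"
    return {
        "Content-Type": "text/plain; charset=utf-8",
        # Understood by IE 8 and later; the IE 7 in this thread predates it,
        # so the attachment disposition and the content check still matter.
        "X-Content-Type-Options": "nosniff",
        # "attachment" asks the browser to save the file, not display it.
        "Content-Disposition": f'attachment; filename="{safe}"',
    }


def review_upload(filename: str, data: bytes) -> dict:
    """Combine the content check and the headers for one uploaded file."""
    return {"flagged": looks_like_html(data), "headers": download_headers(filename)}


if __name__ == "__main__":
    # Constructed samples; the first is the payload quoted in the thread.
    samples = {
        "hello.txt": b"<script>alert('hello');</script>",
        "notes.txt": b"if a < b then call alert the operator",
    }
    for name, body in samples.items():
        print(name, review_upload(name, body)["flagged"])
```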
