WebApp Sec mailing list archives

Re: Extended ASCII characters used for injection


From: Jeff Williams <planetlevel () gmail com>
Date: Wed, 20 Oct 2010 23:32:23 -0400

What platform are you using? It really makes a difference in how Unicode is handled.

--Jeff



On Oct 20, 2010, at 2:29 AM, "Chris Weber" <chris () casabasecurity com> wrote:

You'd be blocking legitimate usage of many different character encodings
including UTF-8 and ISO-8859-1 if you blocked 0x77 - 0xff.  

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Nibbler
Sent: Tuesday, October 19, 2010 6:06 AM
To: webappsec () securityfocus com
Subject: Extended ASCII characters used for injection

Hi list,

I have a web app and I want to block special characters in URL on the
web server. Do you know if there is a risk of injection (XSS...) with
extended ASCII char (%7f-%ff)?
Is there any reason to block these characters?

Thanks
Regards,
Nib



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
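Added example, not part of the thread and not any poster's code: a Python sketch of the point made in the replies, comparing the proposed %7f-%ff byte-range block with strict decoding under one declared encoding. The sample paths, function names and the choice of UTF-8 as the declared encoding are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample paths (assumptions, not taken from the thread).
SAMPLES = {
    "ascii": "/search/cafe",
    "utf8": "/search/caf%C3%A9",               # "é" as UTF-8 bytes C3 A9
    "latin1": "/search/caf%E9",                # "é" as ISO-8859-1 byte E9
    "cjk_utf8": "/search/%E6%97%A5%E6%9C%AC",  # two CJK characters as UTF-8
    "truncated": "/search/caf%C3",             # multi-byte sequence cut short
}


def range_filter_allows(path, low=0x7F, high=0xFF):
    """The block asked about in the thread: reject any decoded byte in low..high."""
    return not any(low <= b <= high for b in unquote_to_bytes(path))


def strict_decode(path, encoding="utf-8"):
    """Percent-decode, then decode with ONE declared encoding.

    Returns the text, or None when the bytes are malformed for that
    encoding, so the caller can reject the request instead of guessing.
    """
    try:
        return unquote_to_bytes(path).decode(encoding, errors="strict")
    except UnicodeDecodeError:
        return None


def compare(samples=SAMPLES):
    """Map each sample to (allowed by range filter, as UTF-8, as ISO-8859-1)."""
    return {
        name: (
            range_filter_allows(path),
            strict_decode(path, "utf-8"),
            strict_decode(path, "iso-8859-1"),
        )
        for name, path in samples.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:10} {result}")
```

The range filter rejects every non-ASCII sample, including the well-formed ones, while the same `%E9` byte is valid text under ISO-8859-1 and malformed under UTF-8, which is why the platform's encoding handling matters.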




