WebApp Sec mailing list archives

Extended ASCII characters used for injection

From: Nibbler <enibbler () gmail com>
Date: Tue, 19 Oct 2010 15:06:25 +0200

Hi list,

I have a web app and I want to block special characters in URL on the
web server. Do you know if there is a risk of injection (XSS...) with
extended ASCII char (%7f-%ff)?
Is there any reason to block these characters?

Thanks
Regards,
Nib



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

Extended ASCII characters used for injection Nibbler (Oct 19)
- Re: Extended ASCII characters used for injection Mostafa Siraj (Oct 19)
- RE: Extended ASCII characters used for injection Onken, Skyler (Oct 19)
- Re: Extended ASCII characters used for injection Simon XanthiX (Oct 19)
- Re: Extended ASCII characters used for injection john s (Oct 19)
- RE: Extended ASCII characters used for injection Chris Weber (Oct 20)
  - Re: Extended ASCII characters used for injection Jeff Williams (Oct 20)
    - RE: Extended ASCII characters used for injection Linden Darling (Oct 20)
    - RE: Extended ASCII characters used for injection Richard M. Smith (Oct 25)
    - Re: Extended ASCII characters used for injection john s (Oct 25)
    - RE: Extended ASCII characters used for injection Chris Weber (Oct 25)

(Thread continues...)