[Full-disclosure] [Fwd: Re: Apache Illegal Request Handling Possible XSS Vulnerability]
- From: Tõnu Samuel <tonu@xxxxxx>
- Date: Wed, 25 Apr 2007 08:51:57 +0300
oops, missed the CC to list
--- Begin Message ---
- From: Tõnu Samuel <tonu@xxxxxx>
- Date: Wed, 25 Apr 2007 08:51:19 +0300
On Tue, 2007-04-24 at 11:24 +0200, Guasconi Vincent wrote:
> <?php
> echo htmlentities($_SERVER['REQUEST_METHOD']);
> echo htmlentities($_SERVER['SERVER_PROTOCOL']);
> ?>
> Sorry but,
> where's the hole? (^-^)
Hole is that you can still pass utf7 through it. htmlentities knows
nothing about context encoding.
echo "<script>alert('BEeF');</script>" | iconv -f utf8 -t utf7
+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4
Tõnu
--- End Message ---
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
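
An added example, not part of the original message: it shows that HTML-escaping leaves the UTF-7 string quoted above unchanged, decodes its shifted runs to reveal the markup they carry, and checks that a Content-Type value pins a charset so a browser has no reason to guess UTF-7. Python's html.escape stands in for PHP's htmlentities (an assumption, equivalent for <, > and &), and all function names are hypothetical.

```python
import base64
import binascii
import html
import re

# Constructed from the message above: the UTF-7 string printed by iconv.
PAGE_PAYLOAD = "+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4"

# A UTF-7 shifted run: '+', unpadded base64 of UTF-16BE, optional '-'.
SHIFT_RUN = re.compile(r"\+([A-Za-z0-9+/]+)-?")
HTML_META = set("<>&\"'")


def survives_escaping(text):
    """True if escaping (assumed stand-in for htmlentities) changes nothing."""
    return html.escape(text, quote=False) == text


def decode_shift_runs(text):
    """Return the characters carried by each UTF-7 shifted run in text."""
    decoded = []
    for match in SHIFT_RUN.finditer(text):
        b64 = match.group(1)
        try:
            raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
        except binascii.Error:
            continue  # not valid base64, e.g. the "+1" in "1+1"
        raw = raw[: len(raw) - len(raw) % 2]  # keep whole UTF-16 code units
        decoded.append(raw.decode("utf-16-be", errors="replace"))
    return decoded


def hides_markup(text):
    """True if any shifted run decodes to an HTML metacharacter."""
    return any(HTML_META & set(chunk) for chunk in decode_shift_runs(text))


def has_explicit_charset(content_type):
    """True if a Content-Type value names a charset other than UTF-7."""
    match = re.search(r'charset\s*=\s*"?([\w.:-]+)', content_type, re.I)
    return bool(match) and match.group(1).lower() not in ("utf-7", "utf7")


if __name__ == "__main__":
    print("escaping left it unchanged:", survives_escaping(PAGE_PAYLOAD))
    print("shifted runs decode to:", decode_shift_runs(PAGE_PAYLOAD))
    print("flagged:", hides_markup(PAGE_PAYLOAD))
    print("charset pinned:", has_explicit_charset("text/html; charset=UTF-8"))
```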