
[Full-disclosure] [Fwd: Re: Apache Illegal Request Handling Possible XSS Vulnerability]



oops, missed the CC to list
--- Begin Message ---
On Tue, 2007-04-24 at 11:24 +0200, Guasconi Vincent wrote:

> <?php
>         echo htmlentities($_SERVER['REQUEST_METHOD']);
>         echo htmlentities($_SERVER['SERVER_PROTOCOL']);
> ?>
> 
> Sorry but,
> where's the hole? (^-^)

The hole is that you still can pass utf7 through it. htmlentities knows
nothing about context encoding.

echo "<script>alert('BEeF');</script>" | iconv -f utf8 -t utf7

+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4



  Tõnu

--- End Message ---
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
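
Added example, not part of the original message or of any project's code: a Python audit sketch of the point made in the forwarded reply, that entity-escaping leaves the UTF-7 string untouched. `html.escape` stands in for PHP's `htmlentities`; the function names, the result labels and the charset check (which assumes the risk arises when the response declares no charset and the client guesses UTF-7) are assumptions of this example.

```python
import html

# Sample input: the UTF-7 string shown in the message above (iconv output).
UTF7_SAMPLE = "+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4"


def escape_like_htmlentities(value: str) -> str:
    """Stand-in for PHP htmlentities(): escapes &, <, > and double quotes."""
    return html.escape(value, quote=False).replace('"', "&quot;")


def markup_if_read_as_utf7(escaped: str) -> bool:
    """True if already-escaped text yields < or > when decoded as UTF-7."""
    decoded = escaped.encode("utf-8").decode("utf-7", errors="replace")
    return "<" in decoded or ">" in decoded


def declares_charset(content_type: str) -> bool:
    """True if a Content-Type value has a non-empty charset other than UTF-7."""
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.lower() == "charset":
            charset = value.strip().strip('"').lower()
            return charset not in ("", "utf-7", "utf7")
    return False


def audit_reflection(content_type: str, reflected: str) -> str:
    """Classify a value that is echoed into an HTML response after escaping."""
    escaped = escape_like_htmlentities(reflected)
    if not markup_if_read_as_utf7(escaped):
        return "no-utf7-markup"
    if declares_charset(content_type):
        return "charset-pinned"       # client has no reason to guess UTF-7
    return "exposed-to-sniffing"      # escaping alone did not neutralise it


if __name__ == "__main__":
    for ctype in ("text/html", "text/html; charset=ISO-8859-1"):
        print(ctype, "->", audit_reflection(ctype, UTF7_SAMPLE))
```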