Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])
Oct 02 2006 12:36PM
Paul Szabo (psz maths usyd edu au)
Eiji James Yoshida wrote in
> If 'Encoding' is set to 'Auto Select', and Internet Explorer finds a UTF-7
> string in the response's body, it will set the charset encoding to UTF-7
> automatically ...
> Proof of concept:
[ more ]
Copyright 2010, SecurityFocus