BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Oct 02 2006 12:36PM
Paul Szabo (psz maths usyd edu au)
Eiji James Yoshida wrote in
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049784.h
tml
:

> If 'Encoding' is set to 'Auto Select', and Internet Explorer finds a UTF-7
> string in the response's body, it will set the charset encoding to UTF-7
> automatically ...
> Proof of concept:
>...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus