BugTraq
Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])
Oct 02 2006 01:44PM
Brian Eaton (eaton lists gmail com)
On 10/2/06, Paul Szabo <psz (at) maths.usyd.edu (dot) au> wrote:
> This provides UXSS (Universal Cross-Site Scripting):
>
> http://apache.svr/+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-/ZZZ...
>
> (with a couple of hundred Zs) will do what we want. Works for https also:
>
> https://apache.svr/+ADw-SCRIP...
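
The `+ADw-` and `+AD4-` tokens in the quoted URLs are UTF-7 shifted sequences for `<` and `>`. The following detection sketch is an added example, not part of the original post: it decodes such runs in request URLs and reports hidden HTML metacharacters. The host `example.test`, the sample URLs and all function names are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# One UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
SHIFTED_RUN = re.compile(r"\+([A-Za-z0-9+/]+)-?")
HTML_META = set("<>\"'&")

# Constructed sample request URLs (example.test is a placeholder host).
SAMPLE_URLS = [
    "http://example.test/+ADw-b+AD4-hello+ADw-/b+AD4-",
    "http://example.test/%2BADw-b%2BAD4-",
    "http://example.test/search?q=c++-tutorial",
    "http://example.test/a+b-c",
]


def decode_run(b64):
    """Decode one shifted run (unpadded base64 of UTF-16BE); None if invalid."""
    try:
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
        raw = raw[: len(raw) - len(raw) % 2]  # drop a trailing partial code unit
        return raw.decode("utf-16-be")
    except (ValueError, UnicodeDecodeError):
        return None


def utf7_html_metachars(url):
    """Return the HTML metacharacters hidden in UTF-7 shifted runs of a URL."""
    text = unquote(url)  # '+' may arrive as %2B; unquote() keeps a literal '+'
    found = []
    for match in SHIFTED_RUN.finditer(text):
        decoded = decode_run(match.group(1))
        if decoded:
            found.extend(ch for ch in decoded if ch in HTML_META)
    return found


def flag_requests(urls):
    """Return the URLs that carry UTF-7 encoded HTML metacharacters."""
    return [u for u in urls if utf7_html_metachars(u)]


if __name__ == "__main__":
    for url in flag_requests(SAMPLE_URLS):
        print("suspicious:", url, utf7_html_metachars(url))
```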

Copyright 2010, SecurityFocus