<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

From: <cxib_at_securityreason.com>
Date: 10 May 2008 09:36:19 -0000

('binary' encoding is not supported, stored as-is) Bogus.

cxib# curl -I "http://[host]/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C-script+AD4-alert('xss')+ADw-/script+AD4---//--"
HTTP/1.1 403 Forbidden
Date: Sat, 10 May 2008 09:51:22 GMT
Server: Apache/2.2.8 (Debian) DAV/2 SVN/1.4.6 PHP/5.2.5-3 with Suhosin-Patch mod_python/3.3.1 Python/2.4.5
Content-Type: text/html; charset=iso-8859-1

Content-Type is set.

Best Regards
Maksymilian Arciemowicz
securityreason.com
Received on May 10 2008

This message: [ Message body ]
Next message: Michael Scheidell: "Re: Exploiting Google MX servers as Open SMTP Relays"
Previous message: sys-project_at_hotmail.com: "SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit"
Maybe in reply to: lament hero: "Apache Server HTML Injection and UTF-7 XSS Vulnerability"
Next in thread: lament hero: "Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]