Bugtraq: Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

From: Paul Szabo <psz_at_maths.usyd.edu.au>
Date: Sun, 18 May 2008 08:12:20 +1000

Yossi Yakubov wrote in http://www.securityfocus.com/archive/1/492202 :

> if you, apache guys will set 403 page's charset ...

Done, as per http://www.securityfocus.com/archive/1/492094 :
>> All [current] releases include fixes ...

> ... change manually the encoding in Firefox to UTF-7 ... There is no
> problem to trick the victim and force him to change the encoding of
> his browser by little social engineering.

See https://bugzilla.mozilla.org/show_bug.cgi?id=408457 about how this
can be better exploited.

Cheers,

Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Received on May 19 2008
