Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec: HTMLEncode

HTMLEncode

From: Alfred Hitchcock <alfredhitchcock_007_at_yahoo.com>
Date: 7 Jan 2005 10:39:46 -0000

('binary' encoding is not supported, stored as-is) Hello everybody,
Could anybody tell me how you can bypass Server.HtmlEncode as it only checks for 4 characters. i.e. &,<,>,".
So is there any other way of bypassing HtmlEncode which can further lead to XSS
Received on Jan 07 2005

This message: [ Message body ]
Next message: Lists: "How to list all the URLs on a web server"
Previous message: Benjamin Livshits: "Vulnerability statistics"
Next in thread: RSnake: "Re: HTMLEncode"
Reply: RSnake: "Re: HTMLEncode"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]