Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Universal PDF XSS Remediation (Fix)

Re: Universal PDF XSS Remediation (Fix)

From: Tim Brown <tmb_at_65535.com>
Date: Tue, 20 Feb 2007 00:19:48 +0000

Folks,

On an assessment at the moment and we have an opportunity to inject into a
cookie. The application however encodes our input using URL encoding. Does
any one know if there any way to exploit this? Standard %0a %0d attacks
won't work as % is reencoded as %25.

Cheers,
Tim 

-- 
Tim Brown
<mailto:tmb_at_65535.com>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Securing a web application goes far beyond testing the application using 
manual processes, or by using automated systems and tools. Watchfire's 
"Web Application Security: Automated Scanning or Manual Penetration 
Testing?" whitepaper examines a few vulnerability detection methods - 
specifically comparing and contrasting manual penetration testing with 
automated scanning tools. Download it today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------
Received on Feb 20 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos