Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: [Webappsec] script inside .txt file

Re: [Webappsec] script inside .txt file

From: Josh Zlatin-Amishav <josh_at_ramat.cc>
Date: Wed, 25 Apr 2007 03:33:06 -0400 (EDT)

On Tue, 24 Apr 2007, prashant k v wrote:

>
> i am using Apache http server 2.0.59 and IE 7. this problem dosen occur in mozilla, <script>alert('hello');</script> is displayed as it is
>
> can anyone help me solve this

Mozilla interprets a text file as text while IE is a little too
"helpful" in rendering everything as HTML. Darn standards compliant browsers.
Are you able to change the upload file type, to say PHP? That would get a lot
more interesting then. 

--
  - Josh
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional XSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------
Received on Apr 25 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos