[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
- From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
- Date: Mon, 21 May 2007 20:02:40 +0400
Dear Brian Eaton,
--Monday, May 21, 2007, 6:22:21 PM, you wrote to websecurity@xxxxxxxxxxxxx:
BE> If the SQL engine is processing queries in ASCII or ISO-8859-1, the
BE> conversion from unicode to the code page used by the engine will fail.
BE> Either the engine will give up on the query, or it might substitute a
BE> question mark (?) for the unconvertible character.
It's not true, because it's quite convertible character. At least for IIS:
http://example.com/test.asp?q=%uFF1Cscript>alert("Hello")</script>
where test.asp is
<%=Request.QueryString("q")%>
launches javascript.
BTW: It may be used to bypass keyword based filtering to create, e.g.
porn pages available through any corporate firewall. See
http://securityvulns.ru/files/p.html
--
~/ZARAZA http://securityvulns.com/
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
Search this site
|