[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?

From: ascii <ascii@xxxxxxxxxxxx>
Subject: [WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
Date: Mon, 21 May 2007 23:01:26 +0200

Brian Eaton wrote:
> To summarize what I've heard from various sources: I am missing
> something important. =)  Both PHP and ASP.NET will decode these
> characters into their ASCII equivalents.

(AFAIK)

Only ASP.NET/IIS decodes that automatically.

PHP *can* do that as like JSP and probably others but that has
to happen explicitly in the application code or on an other layer.

Regards,
Francesco `ascii` Ongaro
http://www.ush.it/

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
  - From: Chris Weber
- [WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
  - From: Brian Eaton

References:
- [WEB SECURITY] noise about full-width encoding bypass?
  - From: Brian Eaton
- [WEB SECURITY] Re: noise about full-width encoding bypass?
  - From: Brian Eaton

Prev by Date: [WEB SECURITY] Re: noise about full-width encoding bypass?
Next by Date: Re: [WEB SECURITY] noise about full-width encoding bypass?
Previous by thread: [WEB SECURITY] Re: noise about full-width encoding bypass?
Next by thread: Re: [WEB SECURITY] Re: [Full-disclosure] noise about full-width encoding bypass?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site