[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] XSS, SQL injection vulns on non-English sites

From: Jim Weiler <crispusatticks@xxxxxxxxx>
Subject: [WEB SECURITY] XSS, SQL injection vulns on non-English sites
Date: Wed, 23 Apr 2008 11:43:08 -0700 (PDT)

<table cellspacing='0' cellpadding='0' border='0' ><tr><td style='font: inherit;'><P>Q1. How would a cross site scripting vulnerability be exploited on a non english web site? Would a link containing a cross site scripting exploit for that site have to contain ASCII javascript or javascript characters encoded in some characterset that included the ASCII characters?</P>
<P>Q2. how would you do SQL injection to a non english web site, say japanese or arabic? doesn't the database engine expect ASCII SQL characters? If the web server says it understands UTF-8 I guess you could use a proxy to inject UTF-8 encoded ASCII SQL as form or URL parameter values.</P></td></tr></table>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] XSS, SQL injection vulns on non-English sites
  - From: Hurst, Dennis
- Re: [WEB SECURITY] XSS, SQL injection vulns on non-English sites
  - From: Arian J. Evans

Prev by Date: Re: [WEB SECURITY] Defeating nonce/token based CSRF protection
Next by Date: RE: [WEB SECURITY] XSS, SQL injection vulns on non-English sites
Previous by thread: [WEB SECURITY] thoughts on WAF deployment options?
Next by thread: RE: [WEB SECURITY] XSS, SQL injection vulns on non-English sites
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site