RSnake schrieb:
>
> Jeremiah Grossman and I were able to get a proof of concept
> working based off of Kurt's work that actually runs a simple piece of
> JavaScript in IE, without using open or close angle brackets. Here's
> the link to the post:
>
> http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/
>
> I concur that it would be very likely that this would pass
> through almost all the content filters known to date, although the
> liklihood of exploit is fairly low for any given websites, given the
> encoding needed (US-ASCII). This is more relevant to perhaps injecting
> JavaScript from remote locations by which you have control and bypassing
> AV or content filtering products that otherwise would restrict malicious
> JavaScript.
I was able to get your example working on a normal HTTP server by adding
this to the <head>er:
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
Demo page is here:
http://www.iku-ag.de/ascii.cgi.htm
--
Kurt Huwig iKu Systemhaus AG http://www.iku-ag.de/
Vorstand Am Römerkastell 4 Telefon 0681/96751-0
66121 Saarbrücken Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
Attachment:
signature.asc
Description: OpenPGP digital signature