RSnake schrieb: > > Jeremiah Grossman and I were able to get a proof of concept > working based off of Kurt's work that actually runs a simple piece of > JavaScript in IE, without using open or close angle brackets. Here's > the link to the post: > > http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/ > > I concur that it would be very likely that this would pass > through almost all the content filters known to date, although the > liklihood of exploit is fairly low for any given websites, given the > encoding needed (US-ASCII). This is more relevant to perhaps injecting > JavaScript from remote locations by which you have control and bypassing > AV or content filtering products that otherwise would restrict malicious > JavaScript. I was able to get your example working on a normal HTTP server by adding this to the <head>er: <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" /> Demo page is here: http://www.iku-ag.de/ascii.cgi.htm -- Kurt Huwig iKu Systemhaus AG http://www.iku-ag.de/ Vorstand Am Römerkastell 4 Telefon 0681/96751-0 66121 Saarbrücken Telefax 0681/96751-66 GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
Attachment:
signature.asc
Description: OpenPGP digital signature