Multiple Browser Vulnerability
Web-pages without a defined charset will be rendered with the charset of the parent page when put into an (i)frame. This might allow bypassing XSS filters with for example UTF-7 payload.
Vulnerable Systems:
* Firefox versions 2.0.0.1 and prior
* Internet Explorer 7
* Opera 9
Immune Systems:
* Internet Explorer 6
* Opera 8
Read the article HERE.
Vulnerable Systems:
* Firefox versions 2.0.0.1 and prior
* Internet Explorer 7
* Opera 9
Immune Systems:
* Internet Explorer 6
* Opera 8
Read the article HERE.
posted by vanish at 11:29 AM
0 Comments:
Post a Comment
<< Home