Tuesday, February 27, 2007

Multiple Browser Vulnerability

Web pages that do not declare a charset are rendered with the charset of the parent page when they are loaded in a frame or iframe. This may allow XSS filters to be bypassed with, for example, a UTF-7 encoded payload.

Vulnerable Systems:
* Firefox versions 2.0.0.1 and prior
* Internet Explorer 7
* Opera 9


Immune Systems:
* Internet Explorer 6
* Opera 8

Read the article HERE.
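
A defensive check for the condition described above, added here as an example and not taken from the advisory or the linked article: it reports whether an HTML response declares its own charset (header, BOM or `<meta>`), since a response that declares none is the one a framing page can influence. The function names and sample responses are constructed for illustration, and the 1024-byte `<meta>` scan window is an assumption based on the HTML standard's prescan.

```python
import re

_META_CHARSET = re.compile(rb"<meta[^>]+charset\s*=\s*[\"']?\s*([A-Za-z0-9._:-]+)", re.I)
_BOMS = {b"\xef\xbb\xbf": "utf-8", b"\xff\xfe": "utf-16le", b"\xfe\xff": "utf-16be"}
_PRESCAN_BYTES = 1024  # assumption: only a <meta> near the start of the document counts


def header_charset(content_type):
    """Return the charset parameter of a Content-Type header value, or None."""
    for param in (content_type or "").split(";")[1:]:
        name, _, value = param.partition("=")
        if name.strip().lower() == "charset" and value.strip():
            return value.strip().strip("\"'").lower()
    return None


def declared_charset(headers, body):
    """Return (source, charset) for the first declaration found, else (None, None)."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), None)
    cs = header_charset(ctype)
    if cs:
        return "header", cs
    for bom, name in _BOMS.items():
        if body.startswith(bom):
            return "bom", name
    m = _META_CHARSET.search(body[:_PRESCAN_BYTES])
    if m:
        return "meta", m.group(1).decode("ascii").lower()
    return None, None


def audit(headers, body):
    """Classify an HTML response by whether it fixes its own encoding."""
    source, cs = declared_charset(headers, body)
    if source is None:
        return "no-charset: encoding left to the browser, may be inherited from a framing page"
    if cs == "utf-7":
        return f"utf-7 declared via {source}: replace with utf-8"
    return f"ok: {cs} via {source}"


if __name__ == "__main__":
    # Constructed sample responses, not taken from the advisory.
    for hdrs in ({"Content-Type": "text/html"}, {"Content-Type": "text/html; charset=utf-8"}):
        print(audit(hdrs, b"<html><body>widget</body></html>"))
```

Run it over every HTML response an application serves, including error pages and fragments meant to be embedded; the fix for a `no-charset` result is an explicit `charset` in the `Content-Type` header.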
