| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200610030315.k933FDco010509@asti.maths.usyd.edu.au> Date: Tue, 3 Oct 2006 13:15:13 +1000 From: Paul Szabo <psz@...hs.usyd.edu.au> To: eaton.lists@...il.com, psz@...hs.usyd.edu.au Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) Seems that I was wrong and Brian Eaton <eaton.lists@...il.com> was right: default apache installations seem to return an explicit charset in their error message. (Now I cannot explain how I convinced myself otherwise.) Then there is no Universal XSS against default Apache webservers... Cheers, Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Powered by blists - more mailing lists