lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 8 Nov 2006 10:56:18 +0900
From: "HASEGAWA Yosuke " <yosuke.hasegawa@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: Hotmail and Windows Live Mail XSS Vulnerabilities

Hi.

On 3 Nov 2006 15:39:02 -0000, applesoup@...il.com <applesoup@...il.com> wrote:
> Hotmail's filter identifies "expression()" syntax in a CSS attribute. According to Hasegawa Yosuke's

The term "url" in CSS is also widely acceptable in IE6
such as fullwidth "URL" (U+FF35, U+FF32, U+FF2C),
or some Unicode letters (U+0280, U+029F).

More details for
https://www.webappsec.jp/modules/bwiki/index.php?IE%A4%CEexpression%A4%C8url

Regards,
-- 
HASEGAWA Yosuke
    yosuke.hasegawa@...il.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ