Message-ID: <1010180926.20070522165803@SECURITY.NNOV.RU>
Date: Tue, 22 May 2007 16:58:03 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: full-disclosure@...ts.grok.org.uk, Web Security <websecurity@...appsec.org>
Subject: Unicode Left/Right Pointing Double Angle Quotation Mark bypass?
Dear full-disclosure@...ts.grok.org.uk,

By the way: I saw Unicode Left Pointing Double Angle Quotation Mark
(%u00AB) / Unicode Right Pointing Double Angle Quotation Mark (%u00BB)
are sometimes translated to '<' and '>'. Has anybody experimented
with

%u00ABscript%u00BB

in different environments to bypass filtering in this way?
--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
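
An added example, not part of the original message: a filter that inspects input only before the character conversion the post describes misses the mapped brackets, while one that checks (and output-encodes) the converted form catches them. The two-entry `LOSSY_MAP` table and all function names are assumptions made for illustration; real conversion tables differ by platform.

```python
import html
import re

# Constructed model of the lossy conversion described in the post. Only the two
# characters the post names are mapped; this is an assumption, not a real table.
LOSSY_MAP = {"\u00ab": "<", "\u00bb": ">"}

# One pass over both escape forms, so a decoded '%' is never decoded a second time.
_ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def decode_escapes(raw: str) -> str:
    """Decode %uXXXX and %XX escapes exactly once (%XX treated as a code point)."""
    return _ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), raw)


def downstream_view(text: str) -> str:
    """Return the text as a consumer applying the lossy conversion would see it."""
    return "".join(LOSSY_MAP.get(ch, ch) for ch in text)


def naive_filter_allows(raw: str) -> bool:
    """Weak check: looks for literal angle brackets before any conversion."""
    return not any(ch in "<>" for ch in decode_escapes(raw))


def canonical_filter_allows(raw: str) -> bool:
    """Stronger check: validates the form the downstream consumer will handle."""
    return not any(ch in "<>" for ch in downstream_view(decode_escapes(raw)))


def escape_for_html(raw: str) -> str:
    """Output-encode after conversion, so mapped brackets are neutralised."""
    return html.escape(downstream_view(decode_escapes(raw)))


if __name__ == "__main__":
    sample = "%u00ABscript%u00BB"  # the string quoted in the post
    print("naive filter allows:    ", naive_filter_allows(sample))
    print("canonical filter allows:", canonical_filter_allows(sample))
    print("encoded for HTML output:", escape_for_html(sample))
```
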