UTF 7 XSS — Apache and Others Yaniv

Скачать презентацию UTF 7 XSS — Apache and Others Yaniv

d43de5ba629c02e36cca7d70d4e3db84.ppt

Количество слайдов: 16

UTF 7 XSS - Apache and Others Yaniv Miron aka “Lament” Yaniv. M@Comsec. Global. com OWASP Israel 2008 September 14 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http: //www. owasp. org

Disclaimers <This information is for learning purposes only. <Do NOT attack the site example. Disclaimers

General <New vulnerability. <Attack any Apache web server (May 2008). <Found in April 2008 General

Cross Site Scripting aka “XSS” alert(31337) § [URL] OWASP 4

UTF 7 Character Encoding <What is UTF 7? 4 One of the many character UTF 7 Character Encoding alert(31337) § +ADw-script+AD 4 -alert(31337)+ADw-/script+AD 4§ § +ADw-script+AD 4 -alert(document. cookie)+ADw-/script+AD 4 - OWASP 5

Apache Web Server <What is Apache? 4 Well come on. . . OWASP 6 Apache Web Server

The Vulnerability <A bit complicated. <Not fully automatic. <Infrastructure & Application attack. <All of The Vulnerability

Vulnerability Parts

The String

Example

Example - 2 nd part OWASP 11

Future Development

Responses

How to Fix

References

[-] E 0 F [-]