From nobody Thu Jul 10 02:07:39 2008
Subject: Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
From: Tõnu Samuel <tonu@jes.ee>
To: Guasconi Vincent <tyoptyop@gmail.com>
In-Reply-To: <985b1a3d0704240224x2ddfbd47k804ceca945e2b345@mail.gmail.com>
References: <3d3168e50704240153y3829d15cm8abb7b5d2d7ff86d@mail.gmail.com>
 <985b1a3d0704240224x2ddfbd47k804ceca945e2b345@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Message-Id: <1177480279.4600.35.camel@duo.jes.ee>
Mime-Version: 1.0
X-Mailer: Evolution 2.8.2
Date: Wed, 25 Apr 2007 08:51:19 +0300
Content-Transfer-Encoding: 8bit

On Tue, 2007-04-24 at 11:24 +0200, Guasconi Vincent wrote:
> <?php
> echo htmlentities($_SERVER['REQUEST_METHOD']);
> echo htmlentities($_SERVER['SERVER_PROTOCOL']);
> ?>
>
> Sorry but,
> where's the hole? (^-^)

Hole is that you still can pass UTF-7 through it. htmlentities knows
nothing about context encoding.

echo "<script>alert('BEeF');</script>" | iconv -f utf8 -t utf7
+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4

Tõnu
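Added example (Python, not part of this thread): it shows why the quoted htmlentities() call is not enough on its own. The shifted UTF-7 string from the iconv output above contains none of the characters the escaper touches, so it passes through unchanged, and a client that sniffs the response as UTF-7 reads it as markup; the defender's check is therefore whether escaped output is still readable as a tag under another charset, and the fix is to pin the charset on the response. All function names are my own.

```python
import html
import re

# Shifted UTF-7 form of the probe string, copied from the iconv output in the
# mail above (the only page-specific value used here).
UTF7_PROBE = "+ADw-script+AD4-alert('BEeF')+ADsAPA-/script+AD4"

# Markup that the shifted form stands for; used only to assert the round trip.
PLAIN_PROBE = "<script>alert('BEeF');</script>"


def escape_like_htmlentities(value: str) -> str:
    """Mirror PHP htmlentities() defaults for ASCII input: & < > and the
    double quote are escaped, the single quote is not (ENT_COMPAT)."""
    return html.escape(value, quote=False).replace('"', "&quot;")


def reinterpret_as_utf7(escaped: str) -> str:
    """What a client that sniffs the page as UTF-7 makes of the escaped
    bytes when the response declares no charset."""
    return escaped.encode("ascii").decode("utf-7")


def escaping_defeated_by_utf7(value: str) -> bool:
    """Defensive check: does escaping leave something a UTF-7 sniffing
    client would still read as a tag?  True means escaping alone was not
    enough and the charset has to be pinned."""
    try:
        seen = reinterpret_as_utf7(escape_like_htmlentities(value))
    except UnicodeError:
        return False
    return re.search(r"<\s*/?\s*[A-Za-z]", seen) is not None


def render_pinned(value: str) -> tuple:
    """Hardened output: escape as before AND declare the charset in both the
    Content-Type header and a <meta> tag, so '+ADw-' is only ever the five
    literal characters and never a shift sequence."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    body = ('<!DOCTYPE html><html><head><meta charset="utf-8"></head><body>'
            + escape_like_htmlentities(value) + "</body></html>")
    return headers, body


def charset_pinned(headers: dict) -> bool:
    """Response-side check a test suite can run against every HTML route."""
    return "charset=" in headers.get("Content-Type", "").lower()
```

The plain form of the probe is neutralised by escaping alone, the shifted form is not; only the charset declaration closes that gap.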