full-disclosure-uk May 2007 archive

[Full-disclosure] Unicode Left/Right Pointing Double Angle Quotation Mark bypass?

From: 3APA3A <3APA3A_at_nospam>
Date: Tue May 22 2007 - 12:58:03 GMT
To: full-disclosure@lists.grok.org.uk, Web Security <websecurity@webappsec.org>


Dear full-disclosure@lists.grok.org.uk,

  By the way: I saw Unicode Left Pointing Double Angle Quotation Mark (%u00AB) / Unicode Right Pointing Double Angle Quotation Mark (%u00BB) are sometimes translated to '<' and '>'. Has somebody experimented with

  %u00ABscript%u00BB

  in different environments to bypass filtering in this way?

-- 
http://securityvulns.com/
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
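
Added example, not part of the original post: a Python sketch of why a filter has to inspect input in the form the consumer will finally see, and why output encoding has to come after every charset conversion. The BEST_FIT table is an assumption that models the translation the post reports; all function names are hypothetical.

```python
import html
import re

# Assumed model of a lossy downstream charset conversion that folds the
# guillemets to ASCII angle brackets, as the post reports. Constructed table.
BEST_FIT = {"\u00ab": "<", "\u00bb": ">"}

# One pass over both escape forms, so decoded output is never decoded twice.
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def decode_percent_u(raw: str) -> str:
    """Decode non-standard %uXXXX escapes and plain %XX escapes exactly once."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), raw)


def downstream_view(text: str) -> str:
    """Text as the consumer sees it after the assumed lossy conversion."""
    return "".join(BEST_FIT.get(ch, ch) for ch in text)


def naive_filter_allows(raw: str) -> bool:
    """Filter that only inspects the raw request value."""
    return "<" not in raw and ">" not in raw


def canonical_filter_allows(raw: str) -> bool:
    """Filter that inspects the value after decoding and conversion."""
    seen = downstream_view(decode_percent_u(raw))
    return "<" not in seen and ">" not in seen


def render(raw: str) -> str:
    """HTML-escape after every conversion, so folded brackets stay inert."""
    return html.escape(downstream_view(decode_percent_u(raw)))


SAMPLE = "%u00ABscript%u00BB"  # the string quoted in the post

if __name__ == "__main__":
    print("naive filter allows:    ", naive_filter_allows(SAMPLE))
    print("canonical filter allows:", canonical_filter_allows(SAMPLE))
    print("rendered output:        ", render(SAMPLE))
```
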