Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Webappsec] script inside .txt file

from [Josh Zlatin-Amishav] Network Security [Permanent Link]
Subject: Re: [Webappsec] script inside .txt file
Date: Wed, 25 Apr 2007 03:33:06 -0400 (EDT) 
On Tue, 24 Apr 2007, prashant k v wrote:


 i am using Apache http server 2.0.59 and IE 7. this problem dosen occur in mozilla, 
<script>alert('hello');</script> is displayed as it is

can anyone help me solve this 

Mozilla interprets a text file as text while IE is a little too
"helpful" in rendering everything as HTML. Darn standards compliant browsers.
Are you able to change the upload file type, to say PHP? That would get a lot
more interesting then.

--
 - Josh

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Anti-Virus vendors prove less-effective, Nick FitzGerald
Next by Date:  Re: [Webappsec] script inside .txt file, Stefano Di Paola
Previous by Thread:  [Full-disclosure] Anti-Virus vendors prove less-effective, David Kierznowski
Next by Thread:  Re: [Webappsec] script inside .txt file, Stefano Di Paola
Indexes:  [Date] [Thread] [Top] [All Lists]