Re: Apache Multiple Injection Vulnerabilities

看板Bugtraq作者hugo.時間19年前 (2007/02/16 07:19)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/5 (看更多)

Yes, that's true, control characters are not in violation of the stated=20 charset "iso-8859-1". Thank you for notice me this. Unfortunately I mispell= ed=20 "iso-8859-1" as "iso 8859-1" wich is not the same. I'm sorry for this. I'll= =20 correct this right now. Sincerely, > Just a quick note: what you demonstrated is that "control characters" > are returned in a response whose charset is "iso-8859-1". But your text > later states that "ISO 8859-1 encodes ...". Notice the difference: > "iso-8859-1" vs. "iso 8859-1" - hyphen vs. space. These are different > character sets - iso-8859-1 is a superset of iso 8859-1, adding all > those control characters and whatnot. From RFC-1345: > > &charset ISO_8859-1:1987 > &rem source: ECMA registry > &alias iso-ir-100 > &g1esc x2d41 &g2esc x2e41 &g3esc x2f41 > &alias ISO_8859-1 > &alias ISO-8859-1 > &alias latin1 > &alias l1 > &alias IBM819 > &alias CP819 > &code 0 > NU SH SX EX ET EQ AK BL BS HT LF VT FF CR SO SI > DL D1 D2 D3 D4 NK SY EB CN EM SB EC FS GS RS US > SP ! " Nb DO % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < =3D > ?con= trol=20 characters are not in violation of the stated charset > At A B C D E F G H I J K L M N O P Q R S T U V W X Y Z <( // )> '> _ > '! a b c d e f g h i j k l m n o p q r s t u v w x y z (! !! !) '? DT > PA HO BH NH IN NL SA ES HS HJ VS PD PU RI S2 S3 > DC P1 P2 TS CC MW SG EG SS GC SC CI ST OC PM AC > NS !I Ct Pd Cu Ye BB SE ': Co -a << NO -- Rg '- > DG +- 2S 3S '' My PI .M ', 1S -o >> 14 12 34 ?I > A! A' A> A? A: AA AE C, E! E' E> E: I! I' I> I: > D- N? O! O' O> O? O: *X O/ U! U' U> U: Y' TH ss > a! a' a> a? a: aa ae c, e! e' e> e: i! i' i> i: > d- n? o! o' o> o? o: -: o/ u! u' u> u: y' th y: > > So those control characters are not in violation of the stated charset. > > Thanks, > -Amit =2D-=20 $>cd /pub $>more beer "I spent a lot of money on booze, birds and fast cars. The rest I just squandered" George Best "=A1Triste =E9poca la nuestra! Es m=E1s f=E1cil desintegrar un =E1tomo que = un prejuicio." Albert Einstein "Que dos y dos sean necesariamente cuatro, es una opini=F3n que muchos compartimos. Pero si alguien sinceramente piensa otra cosa, que lo diga. Aq= u=ED no nos asombramos de nada." Antonio Machado "La pol=EDtica es el arte de buscar problemas, encontrarlos, hacer un diagn=F3stico falso y aplicar despu=E9s los remedios equivocados." Groucho Marx "No permitais que vuestros estudios interfieran en vuestra educaci=F3n..."

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 hugo. 的文章

文章代碼(AID): #15rEg700 (Bugtraq)