
Internet Explorer % encoding directive cross site scripting issue
4th Sep 2002 [SBWID-5669]

		IE % encoding directive cross site scripting issue


		 MSIE v6.x

		 MSIE v5.0x

		 Tested with : IEXPLORE.EXE file version: 6.0.2600.0000 

		               MSHTML.DLL file version: 6.00.2600.0000

PROBLEM found :




		or ==> 2FforMSIE-MyPage section.



		%?? in URL is decoded when IE calculates the domain, but not decoded
		while downloading a page. So


		(	2F=hex$(asc('/'))	)


		leads to instead of, and  the  domain  of
		it for IE.
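
The decode-order mismatch described above can be checked for mechanically. The following is an added example, not code from the original advisory and not IE's actual logic: it models one component that percent-decodes a URL before extracting the host and one that does not, and flags URLs where the two disagree. It also covers encoded delimiters other than %2F; the function names and the `.example` hosts are constructed for illustration.

```javascript
// Added example: models the two parsing orders described in the advisory.
// All names and sample URLs are constructed; this is not IE's real code.

// Host as seen by a parser working on the string exactly as given.
function hostOf(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(url);
  if (!m) return null;                                  // not scheme://authority
  let authority = m[1];
  const at = authority.lastIndexOf('@');
  if (at !== -1) authority = authority.slice(at + 1);   // drop userinfo
  return authority.replace(/:\d*$/, '').toLowerCase();  // drop port
}

// Decode every well-formed %XX byte; malformed sequences are left untouched.
function decodePercent(s) {
  return s.replace(/%([0-9a-f]{2})/gi,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// rawHost:     host for a component that does NOT decode before parsing.
// decodedHost: host for a component that decodes first, then parses.
// A URL is only safe to hand to both components when the two agree.
function checkHostConsistency(url) {
  const rawHost = hostOf(url);
  const decodedHost = hostOf(decodePercent(url));
  return { url, rawHost, decodedHost, consistent: rawHost === decodedHost };
}

// Constructed sample URLs (not taken from the advisory).
const samples = [
  'http://site-a.example/a%20b',                            // escape in path only
  'http://site-a.example%2Fpage.site-b.example/index.html', // encoded '/' in authority
  'http://user%40site-a.example/',                          // encoded '@' in authority
];

for (const s of samples) {
  const r = checkHostConsistency(s);
  console.log(r.consistent ? 'ok      ' : 'MISMATCH',
    JSON.stringify({ raw: r.rawHost, decoded: r.decodedHost }), s);
}
```

A filter or proxy can reject any URL reported as a mismatch, since components that disagree on the host will also disagree on which site's security context the page belongs to.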


		 Update (09 September 2002)



		Bentfork adds that this should have a higher rating, considering the
		recent w0man SSL man-in-the-middle attack.


