Bugtraq mailing list archives
Re: Hotmail and Windows Live Mail XSS Vulnerabilities
From: "HASEGAWA Yosuke " <yosuke.hasegawa () gmail com>
Date: Wed, 8 Nov 2006 10:56:18 +0900
Hi. On 3 Nov 2006 15:39:02 -0000, applesoup () gmail com <applesoup () gmail com> wrote:
Hotmail's filter identifies "expression()" syntax in a CSS attribute. According to Hasegawa Yosuke's
The term "url" in CSS is also widely acceptable in IE6 such as fullwidth "URL" (U+FF35, U+FF32, U+FF2C), or some Unicode letters (U+0280, U+029F). More details for https://www.webappsec.jp/modules/bwiki/index.php?IE%A4%CEexpression%A4%C8url Regards, -- HASEGAWA Yosuke yosuke.hasegawa () gmail com
Current thread:
- Hotmail and Windows Live Mail XSS Vulnerabilities applesoup (Nov 06)
- Message not available
- Re: Hotmail and Windows Live Mail XSS Vulnerabilities HASEGAWA Yosuke (Nov 08)
- Message not available