WebApp Sec mailing list archives

Re: Extended ASCII characters used for injection

From: john s <rwnin.security () gmail com>
Date: Thu, 21 Oct 2010 10:14:22 -0500

<snip>

You'd be blocking legitimate usage of many different character encodings
including UTF-8 and ISO-8859-1 if you blocked 0x77 - 0xff.

</snip>

<snip>

What platform are you using? It really makes a difference in how Unicode
is handled.

</snip>


Doesn't this issue really boil down to the requirements of a given
application?

Just because some applications require extended character sets, does
that mean every web server implementation needs to support them all?



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

Extended ASCII characters used for injection Nibbler (Oct 19)
- Re: Extended ASCII characters used for injection Mostafa Siraj (Oct 19)
- RE: Extended ASCII characters used for injection Onken, Skyler (Oct 19)
- Re: Extended ASCII characters used for injection Simon XanthiX (Oct 19)
- Re: Extended ASCII characters used for injection john s (Oct 19)
- RE: Extended ASCII characters used for injection Chris Weber (Oct 20)
  - Re: Extended ASCII characters used for injection Jeff Williams (Oct 20)
    - RE: Extended ASCII characters used for injection Linden Darling (Oct 20)
    - RE: Extended ASCII characters used for injection Richard M. Smith (Oct 25)
    - Re: Extended ASCII characters used for injection john s (Oct 25)
    - RE: Extended ASCII characters used for injection Chris Weber (Oct 25)
    - Re: Extended ASCII characters used for injection john s (Oct 25)