Hi, I'd like to prepare a proof-of-concept for an xss vulnerability that is based on sending a zero-byte character before the actual malicious code. Without that \0, the applications IPS will refuse the request. I can't manage to place a zero-byte inside an auto-submitting HTML form. How can I do this? Thanks! http://sla.ckers.org/forum/read.php?2,36583,36583#msg-36583 Thu, 23 May 2013 21:11:43 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?2,36583,36601#msg-36601 http://sla.ckers.org/forum/read.php?2,36583,36601#msg-36601
There are a bunch of other mimes supported by Mozilla: http://mxr.mozilla.org/mozilla2.0/source/netwerk/mime/nsMimeTypes.h#129

But they probably default to application/x-www-form-urlencoded when you try to post text fields.]]> Skyphire XSS Info Sun, 26 Jun 2011 21:23:53 -0500 http://sla.ckers.org/forum/read.php?2,36583,36584#msg-36584 http://sla.ckers.org/forum/read.php?2,36583,36584#msg-36584 christ1an XSS Info Sat, 25 Jun 2011 10:31:39 -0500 http://sla.ckers.org/forum/read.php?2,36583,36583#msg-36583 http://sla.ckers.org/forum/read.php?2,36583,36583#msg-36583
I'd like to prepare a proof-of-concept for an xss vulnerability that is based on sending a zero-byte character before the actual malicious code. Without that \0, the applications IPS will refuse the request.

I can't manage to place a zero-byte inside an auto-submitting HTML form. How can I do this?

Thanks!]]> christ1an XSS Info Sat, 25 Jun 2011 09:33:21 -0500