Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
URI::Escape
Posted by: sasuke
Date: August 17, 2007 02:36PM

Does anyone have experience using this on passed-in parameters? Are there known ways of bypassing this method of input validation? We are planning on using it to fix a few Perl CGIs we have lying around, but I'd like to hear what the people here think first.

-sasuke

Re: URI::Escape
Posted by: rsnake
Date: September 11, 2007 05:45PM

URL escape only works if you are escaping it and putting it in a safe place. There are definitely ways to exploit it depending on where the data ends up (parameters for instance). But if you just mean XSS mitigation it will do a pretty good job with raw HTML (if you don't mind the ugly output).

- RSnake
Gotta love it. http://ha.ckers.org
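
The context dependence described in the reply above, as an added example that is not part of the original thread: the same value is percent-encoded when it becomes a query-string parameter and entity-encoded when it lands in HTML. The script path `/cgi-bin/profile.pl`, the parameter names, the sample input and the use of `HTML::Entities` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape    qw(uri_escape);
use HTML::Entities qw(encode_entities);

# Constructed sample input standing in for a CGI parameter value.
my $name = q{Tom & "Jerry" <tj@example.com>};

# Explicit RFC 3986 unreserved set, so the result does not depend on the
# default safe set of whichever URI::Escape version is installed.
my $UNRESERVED = '^A-Za-z0-9\-\._~';

# Context 1: value of a query-string parameter -> percent-encode.
# (Input containing characters above 0xFF needs uri_escape_utf8 instead.)
sub for_url_param {
    my ($value) = @_;
    return uri_escape($value, $UNRESERVED);
}

# Context 2: HTML text or a quoted attribute value -> entity-encode.
sub for_html {
    my ($value) = @_;
    return encode_entities($value, q{<>&"'});
}

# Context 3: a URL carrying user data, placed inside an href attribute.
# Percent-encode the parameter first, then entity-encode the whole URL,
# because the '&' separating parameters is itself markup inside HTML.
sub link_to_profile {
    my ($user) = @_;
    my $url = '/cgi-bin/profile.pl?user=' . for_url_param($user) . '&view=full';
    return sprintf '<a href="%s">%s</a>', for_html($url), for_html($user);
}

print "URL parameter: ", for_url_param($name),   "\n";
print "HTML text:     ", for_html($name),        "\n";
print "Link:          ", link_to_profile($name), "\n";
```

Neither encoder covers a value written into a `<script>` block or an inline event handler; those contexts need their own encoding.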

Re: URI::Escape
Posted by: hackathology
Date: September 23, 2007 08:03AM

What is URI Escape? Any examples?

http://hackathology.blogspot.com

Re: URI::Escape
Posted by: rsnake
Date: October 04, 2007 02:15PM

http://www.xav.com/perl/site/lib/URI/Escape.html Here you go

- RSnake
Gotta love it. http://ha.ckers.org

Re: URI::Escape
Posted by: hackathology
Date: November 04, 2007 09:26AM

got it rnake, thanks

http://hackathology.blogspot.com

Re: URI::Escape
Posted by: thrill
Date: November 05, 2007 11:27AM

rnake? rnaked? eeewwww...

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill
