PHPIDS vs Firefox comment handling bug
Article written by martin
Firefox’s handling of comment tags is a fickle business as has been seen by the recent emergence of a fragmented XSS vulnerability when injection into comments is allowed. Suffice it to say that PHPIDS (and .NETIDS) is already able to detect this attack in several forms. Firstly, any injection of malicious script tags/attributes will be picked up by the IDS and secondly the filter set is capapble of detecting comments that have text between the opening and closing tags: <!so– there is no luck –evading> our filters like this! Full details of the vulnerability can be found at Switch/Twitch.
This entry was posted
on Wednesday, June 13th, 2007 at 7:41 pm and is filed under .NETIDS, PHPIDS.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
