[Webappsec] script inside .txt file
josh at ramat.cc
Wed Apr 25 03:33:06 EDT 2007
On Tue, 24 Apr 2007, prashant k v wrote:
> i am using Apache http server 2.0.59 and IE 7. this problem dosen occur in mozilla, <script>alert('hello');</script> is displayed as it is
> can anyone help me solve this
Mozilla interprets a text file as text while IE is a little too
"helpful" in rendering everything as HTML. Darn standards compliant browsers.
Are you able to change the upload file type, to say PHP? That would get a lot
more interesting then.
More information about the Webappsec