[owasp-antisamy] Issue with parsing tags containing null bytes

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Fri Dec 9 00:02:13 EST 2011


How is a URL-encoded null byte dangerous? What is your input and output?
If you think something is a bug, please fill out a bug report at [0].

Arshan

P.S. http://code.google.com/p/owaspantisamy/issues/list

From: owasp-antisamy-bounces at lists.owasp.org
[mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Krpata,
Tyler
Sent: Thursday, December 08, 2011 5:42 PM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] Issue with parsing tags containing null bytes

 

Hi all,

Has anyone come across the behavior where Java AntiSamy does not
correctly parse tags that contain a URL-encoded null byte at the
beginning of the tag? For example, <%00script>

Thanks,

Tyler
