tags 296659 + confirmed thanks I tested this XSS vulnerability with Mono 1.0.5 and mono-xsp 1.0.4 / libapache-mod-mono 1.0.4 / libapache2-mod-mono 1.0.4 it works as described in the report. It can only work though when charset convertion for the web application is enabled.
I don't know yet if either Mono 1.0.6 or Mono 1.1.4 solves this. -- Regards, Mirco 'meebey' Bauer PGP-Key: http://keyserver.noreply.org/pks/lookup?op=get&search=0xEEF946C8 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d s-:+ a-- C++ UL++++$ P L++$>+++$ E- W+++$ N o? K- w++>! O---- M- V? PS PE+ Y- PGP++ t 5+ X++ R tv+ b+ DI? D+ G>++ e h! r->++ y? ------END GEEK CODE BLOCK------
signature.asc
Description: This is a digitally signed message part
