Bypassing script filters with variable-width encodings
Author: Cheng Peng Su (applesoup_at_gmail.com)
Date: August 7, 2006
We've all known that the main problem of constructing XSS attacks is
how to obfuscate malicious code. In the following paragraphs I will
attempt to explain the concept
Adivisory Name : Yahoo! Mail XSS Vulnerability
Release Date : 2006.04.21
Application : Yahoo! web-based email service
Test On : Microsoft IE 6.0
Discover : Cheng Peng Su(applesoup_at_gmail.com)
Description:
Yahoo! Mail is one of the Internet's most popular web based email solutions.
Details