Windows Script Encoder is a Microsoft tool to encode scripts so that Web
hosts and Web clients cannot view or modify their source. It encodes the
content of script tags using a very simple encoding algorithm and renames
the script's language attribute from JScript or Javascript to
JScript.Encode
Can you comment on these testcases:
http://www.guninski.com/where_do_you_want_billg_to_go_today_1_demo2.html
http://www.guninski.com/where_do_you_want_billg_to_go_today_1_demo.html
Interesting, both your exploit code as well as the exploit code we provide
in the advisory (Exploit section) do
Georgi Guninski security advisory #71, 2004
http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html
.. snip ..
By opening HTML in IE it is possible to read at least well-formed XML from
arbitrary servers. The info then may be transmitted.
GreyMagic disclosed the EXACT same issue on