
Cross-protocol XSS with non-standard service ports - noodle
http://i8jesus.com/?p=75
======
aristus
I believe that with multipart-formdata encoding turned on, you could send your
entire FTP exploit in one form variable, newlines and all, because they won't
be escaped on the wire.

