Cross-protocol XSS with non-standard service ports | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Cross-protocol XSS with non-standard service ports (i8jesus.com)
		16 points by noodle on Sept 1, 2009 \| hide \| past \| favorite \| 1 comment

aristus on Sept 1, 2009 [–]

I believe that with multipart-formdata encoding turned on, you could send your entire FTP exploit in one form variable, newlines and all, because they won't be escaped on the wire.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact