[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)



NoScript 2.0.7 is released today (25th November 2010).
It correctly detects and blocks this variant (raw hexadecimal), but also the other 3 (quoted hexadecimal, raw binary and quoted binary) which have not been covered by this disclosure.