I have a question about the behaviour of the plugin #11415 (SquirrelMail's cross site scripting). There are two types of checks for the exploit's success: the first, which gives only a "security warning", is made by looking, in the returned page, for the presence of the string "<script>alert(document.cookie)</script>". This seems reasonable to me, for this code is interpreted by the browser. The other one checks, in the same page, the presence of the string "%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E". This code doesn't seem to be interpreted by the browser, nevertheless its presence is considered more dangerous, resulting in a "security hole". Is there anyone who can explain this thing?
Thank you in advance, G.
