Re: Can you exploit this XSS?
From: dd (dd_at_ghettohackers.net)
Date: 11/19/03
- Previous message: noir: "Re: GetPC code (was: Shellcode from ASCII)"
- In reply to: Paul Johnston: "Can you exploit this XSS?"
- Next in thread: Sverre H. Huseby: "Re: Can you exploit this XSS?"
- Reply: Sverre H. Huseby: "Re: Can you exploit this XSS?"
- Reply: Paul Johnston: "Re: Can you exploit this XSS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Nov 2003 13:59:55 -0800
To: Paul Johnston <paul@westpoint.ltd.uk>
Paul,
What you have run into is called attribute encoding. When dealing with html
tag attributes enclosed inside of quotation marks, the only char that is
"required" to encode is ". I usually recommend more robust output encoding.
Given your description, this is not normally exploitable. Depending on
the browser it may be possible to trick some browsers into thinking your
html is broken by injecting line feeds and starting up new tags.
dd
Paul Johnston wrote:
> Hi,
>
> While auditing a web app, I've found the site redirects not found pages
> to a login screen. This contains an element like:
>
> <input type="hidden" name="tageturl" value="XXX">
>
> Now, the XXX bit is controlled by the user, and it seems the only
> characters escaped are " and & - i.e.
> <script>alert(document.cookie)</script> gets through (hence my tool
> alerted me).
>
> Can this be exploited for XSS? I can't see how to immediately, but it
> seems possible.
>
> Paul
>
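Added example, not part of the thread: a small Python script that renders the hidden input from Paul's post with the minimal encoding he describes (only " and & escaped) and with the more robust encoding dd recommends, then parses the result back to check whether the value is still attribute data. The `robust_attr_encode` function and the single-quoted/unquoted variants are assumptions used to show why the quoting context matters.

```python
"""Attribute-context output encoding, compared on the tag from the post."""
import html
from html.parser import HTMLParser

# Constructed sample inputs: the payload from Paul's post, and a value with a
# line feed, which dd mentions as something that confuses some browsers.
PAYLOAD = '<script>alert(document.cookie)</script>'
MULTILINE = 'page.html\nnext line'


def minimal_attr_encode(value: str) -> str:
    """What the audited app does: escape only the delimiter and the ampersand."""
    return value.replace('&', '&amp;').replace('"', '&quot;')


def robust_attr_encode(value: str) -> str:
    """Assumed 'robust' encoder: every non-alphanumeric character becomes a
    numeric reference, so the output cannot end any attribute quoting style."""
    return ''.join(c if c.isascii() and c.isalnum() else f'&#x{ord(c):x};'
                   for c in value)


def render_hidden_input(value: str, encoder, quote: str = '"') -> str:
    """Emit the tag from the post with the given quoting style ('"', "'" or '')."""
    return f'<input type="hidden" name="tageturl" value={quote}{encoder(value)}{quote}>'


class _Collector(HTMLParser):
    """Records start tags and the value attribute of each <input>."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == 'input':
            self.values.append(dict(attrs).get('value'))


def value_stays_in_attribute(value: str, encoder, quote: str = '"') -> bool:
    """True if the parse yields exactly one <input> whose value decodes back to
    the original string, i.e. nothing escaped the attribute into markup."""
    parser = _Collector()
    parser.feed(render_hidden_input(value, encoder, quote))
    parser.close()
    return parser.tags == ['input'] and parser.values == [value]
```

With the double-quoted attribute from the post, both encoders keep the payload inside the value, which is dd's point; drop the quotes and only the robust encoder still does.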