Re: Can you exploit this XSS?
From: mark (mark_at_nunswithguns.co.uk)
Date: 11/25/03
- Previous message: Brett Moore: "RE: win32 bof question"
- In reply to: Paul Johnston: "Can you exploit this XSS?"
- Next in thread: Peter Pentchev: "Re: Can you exploit this XSS?"
- Reply: Peter Pentchev: "Re: Can you exploit this XSS?"
Date: Tue, 25 Nov 2003 16:02:11 +0000
To: Paul Johnston <paul@westpoint.ltd.uk>

Just noticed no-one has yet mentioned this, so I thought I'd add it.

Another way of making the link with the code in a less obvious XSS one
(to the uninitiated at least) is shown here:

test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74

which actually translates as:

test.php?something=this is a test

As you can see, it's just the hex for each character; %20 is a space, as
you probably already know.

Not a biggie, but I thought I'd mention it.

Very simple PHP to do this follows...

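<?php
// Percent-encode every byte of the query string as %XX hex.
$string = "something=this is a test";
for ($x = 0; $x < strlen($string); $x++) {
    // %02x zero-pads, so bytes below 0x10 still yield two hex digits
    printf("%%%02x", ord($string[$x]));
}
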
Paul Johnston wrote:
> Hi,
>
> While auditing a web app, I've found the site redirects not found
> pages to a login screen. This contains an element like:
>
> <input type="hidden" name="tageturl" value="XXX">
>
> Now, the XXX bit is controlled by the user, and it seems the only
> characters escaped are " and & - i.e.
> <script>alert(document.cookie)</script> gets through (hence my tool
> alerted me).
>
> Can this be exploited for XSS? I can't see how to immediately, but it
> seems possible.
>
> Paul
>
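
For anyone reviewing request logs, the encoding trick in the reply above can be undone and flagged mechanically. The following is an added example, not part of either message: the function names are assumptions, and every sample URL other than the one quoted from the reply is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# RFC 3986 "unreserved" characters: these never need percent-encoding,
# so a request that escapes them is hiding readable text on purpose.
UNRESERVED = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
PCT = re.compile(rb"%([0-9A-Fa-f]{2})")

# URL quoted in the reply above.
PAGE_URL = ("test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73"
            "%20%69%73%20%61%20%74%65%73%74")

def decode_fully(query, max_rounds=3):
    """Percent-decode until stable (bounded), so double encoding is unwrapped too."""
    data = query.encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data.decode("utf-8", errors="replace")

def needless_escapes(query):
    """Count %XX escapes in the raw query that encode an unreserved character."""
    raw = query.encode("utf-8")
    return sum(1 for m in PCT.finditer(raw) if int(m.group(1), 16) in UNRESERVED)

def inspect(url):
    """Split off the query string and report what it looks like once decoded."""
    path, _, query = url.partition("?")
    decoded = decode_fully(query)
    return {
        "path": path,
        "decoded_query": decoded,
        "needless_escapes": needless_escapes(query),
        "markup_after_decode": bool(re.search(r"[<>]", decoded)),
    }

if __name__ == "__main__":
    for url in (PAGE_URL,
                "test.php?something=this%20is%20a%20test",  # constructed: normal client
                "test.php?%2573omething=x"):                # constructed: double-encoded
        print(inspect(url))
```

A non-zero `needless_escapes` count is the useful signal: ordinary browsers escape spaces and reserved characters, not letters.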