Re: Can you exploit this XSS?

From: Peter Pentchev (roam_at_ringlet.net)
Date: 11/26/03

    Date: Wed, 26 Nov 2003 10:27:13 +0200
    To: mark <mark@nunswithguns.co.uk>
    
    
    

    On Tue, Nov 25, 2003 at 04:02:11PM +0000, mark wrote:
    > Just noticed no-one yet mentioned this so I thought I'd add it..
    > Another way of making the link with the code in a less obvious XSS one
    > (to the uninitiated at least) is shown here
    >
    >
    > test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74
    [snip]
    > very simple php to do this follows...
    >
    > $string="something=this is a test";
    > for($x=0;$x<strlen($string);$x++){
    > echo "%".dechex(ord($string[$x]));
    > }

    Or even simpler:

      $string = "something=this is a test";
      echo preg_replace("/(..)/", "%\\1", bin2hex($string));

    G'luck,
    Peter

    -- 
    Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
    PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
    Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
    This sentence was in the past tense.
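
Seen from the receiving side, a link encoded the way this thread describes stands out because it percent-encodes characters that never needed it. The following is an added example, not part of the original messages: it decodes the query string before inspection and flags URLs whose escapes mostly cover RFC 3986 unreserved characters. The function names and thresholds are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# RFC 3986 "unreserved" characters never need percent-encoding.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
# Only well-formed escapes are counted; a stray "%zz" is ignored.
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def analyze_query(url):
    """Return escape statistics and the decoded query for one request URL."""
    query = urlsplit(url).query
    escapes = ESCAPE.findall(query)
    needless = sum(1 for h in escapes if chr(int(h, 16)) in UNRESERVED)
    return {
        "decoded": unquote(query),  # what a filter should actually inspect
        "escapes": len(escapes),
        "needless": needless,
        "ratio": needless / len(escapes) if escapes else 0.0,
    }


def is_over_encoded(url, min_needless=4, min_ratio=0.5):
    """Flag URLs whose escapes mostly hide characters that were safe as-is.

    The thresholds are assumptions; tune them against real traffic.
    """
    stats = analyze_query(url)
    return stats["needless"] >= min_needless and stats["ratio"] >= min_ratio


# Constructed sample requests; the first is the URL quoted in the thread.
SAMPLES = [
    "test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73"
    "%20%69%73%20%61%20%74%65%73%74",
    "search.php?q=hello%20world&lang=en",
    "profile.php?name=J%C3%BCrgen",
]

if __name__ == "__main__":
    for url in SAMPLES:
        s = analyze_query(url)
        verdict = "FLAG" if is_over_encoded(url) else "ok"
        print(f"{verdict:4} {s['needless']}/{s['escapes']} needless -> {s['decoded']!r}")
```

Legitimate escapes (spaces, non-ASCII bytes) do not count toward the flag, so ordinary search and profile URLs pass.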
    
    


