Re: Can you exploit this XSS?
From: Peter Pentchev (roam_at_ringlet.net)
Date: 11/26/03
- Previous message: mark: "Re: Can you exploit this XSS?"
- In reply to: mark: "Re: Can you exploit this XSS?"
Date: Wed, 26 Nov 2003 10:27:13 +0200
To: mark <mark@nunswithguns.co.uk>
On Tue, Nov 25, 2003 at 04:02:11PM +0000, mark wrote:
> Just noticed no-one yet mentioned this so I thought I'd add it..
> Another way of making the link with the code in a less obvious XSS one
> (to the uninitiated at least) is shown here
>
>
> test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74
[snip]
> very simple php to do this follows...
>
> $string="something=this is a test";
> for($x=0;$x<strlen($string);$x++){
> echo "%".dechex(ord($string[$x]));
> }
Or even simpler:
$string = "something=this is a test";
echo preg_replace("/(..)/", "%\\1", bin2hex($string));
G'luck,
Peter
-- 
Peter Pentchev  roam@ringlet.net  roam@sbnd.net  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence was in the past tense.
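
Added example, not part of either post: a defender-side check that undoes the full percent-encoding discussed in this thread before a query string is filtered or reviewed in logs, and flags queries that escape characters which never need escaping. The function names, the 0.5 threshold and the three-round decode limit are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# RFC 3986 "unreserved" characters never need percent-encoding.
UNRESERVED = re.compile(r"[A-Za-z0-9\-._~]")
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")

def needless_escape_ratio(query):
    """Share of the query's characters that are unreserved characters
    written as %XX, which ordinary browsers and clients do not produce."""
    escapes = ESCAPE.findall(query)
    needless = sum(1 for h in escapes if UNRESERVED.fullmatch(chr(int(h, 16))))
    length = len(ESCAPE.sub("x", query))  # count each escape as one character
    return needless / length if length else 0.0

def review(query, threshold=0.5, max_rounds=3):
    """Decode layer by layer (bounded) so nested encoding is also undone.
    Returns (canonical form, decode layers, flagged)."""
    layers, worst = 0, needless_escape_ratio(query)
    for _ in range(max_rounds):
        decoded = unquote(query)
        if decoded == query:
            break
        query, layers = decoded, layers + 1
        worst = max(worst, needless_escape_ratio(query))
    # Flag heavy needless escaping at any layer, or more than one layer.
    return query, layers, worst >= threshold or layers > 1

# Constructed samples: the fully encoded query quoted in the thread,
# the same query as a browser would normally encode it, and a
# double-encoded variant of the first.
FULL = "%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74"
NORMAL = "something=this%20is%20a%20test"
DOUBLE = FULL.replace("%", "%25")

if __name__ == "__main__":
    for raw in (FULL, NORMAL, DOUBLE):
        print(review(raw))
```

Input filters and log searches should run against the canonical form returned here, never against the raw query string.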