Vulnerability Development mailing list archives

Re: Can you exploit this XSS?


From: Robin <robin () technophobia co uk>
Date: Wed, 19 Nov 2003 16:27:49 +0000

Just by virtue of being able to get script into the page it can be exploited. What can be gained from the exploit is dependent on what the app/site does.

XSS is commonly used to collect session IDs so an attacker could gather those using this weakness.

Robin

Paul Johnston wrote:

Hi,

While auditing a web app, I've found the site redirects not found pages to a login screen. This contains an element like:

<input type="hidden"  name="tageturl" value="XXX">

Now, the XXX bit is controlled by the user, and it seems the only characters escaped are " and & - i.e. <script>alert(document.cookie)</script> gets through (hence my tool alerted me).

Can this be exploited for XSS? I can't see how to immediately, but it seems possible.

Paul


--
--------------------------------------------
Robin Wood
TechnoPhobia Limited
--------------------------------------------
Phone: +44 (0)114 2212123
Fax: +44 (0)114 2212124
Email: robin () technophobia co uk
WWW: http://www.technophobia.com
Registered in England and Wales Company No. 3063669
VAT registration No. 5987858 42
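
The question in the quoted post can be checked mechanically: render the field with a given encoder, parse the result, and see whether the input is still nothing more than the `value` attribute of one `<input>` tag. This is an added example, not part of either message; the encoder functions, `TagCollector`, `stays_in_attribute` and the second sample string are constructed for illustration, and Python's `html.parser` stands in for a browser's tokenizer.

```python
import html
from html.parser import HTMLParser

# Markup from the post, with the value slot left open.
TEMPLATE = '<input type="hidden"  name="tageturl" value="{}">'

def escape_none(s):
    return s  # no encoding at all (baseline the check should catch)

def escape_as_described(s):
    # What the post reports the application does: only & and " are escaped.
    return s.replace("&", "&amp;").replace('"', "&quot;")

def escape_full(s):
    # Standard library encoder: also covers <, > and '.
    return html.escape(s, quote=True)

class TagCollector(HTMLParser):
    """Records every start tag and its decoded attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def stays_in_attribute(encoder, user_input):
    """True if the rendered field parses as exactly one <input> whose
    value attribute decodes back to the untouched user input."""
    parser = TagCollector()
    parser.feed(TEMPLATE.format(encoder(user_input)))
    parser.close()
    if len(parser.tags) != 1:
        return False
    tag, attrs = parser.tags[0]
    return (tag == "input" and attrs.get("value") == user_input
            and set(attrs) == {"type", "name", "value"})

# Constructed inputs: the string quoted in the post, and a harmless
# string containing the two characters the application escapes.
SAMPLES = ['<script>alert(document.cookie)</script>', 'say "hi" & bye']

def report():
    encoders = (escape_none, escape_as_described, escape_full)
    return {(e.__name__, s): stays_in_attribute(e, s)
            for e in encoders for s in SAMPLES}

if __name__ == "__main__":
    for (name, sample), ok in report().items():
        print(f"{name:20} {sample!r:45} confined={ok}")
```

The result holds only for this double-quoted attribute context; the same value echoed into element content, an unquoted attribute or a script block needs the encoding for that context.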




