Full Disclosure mailing list archives

Re: [WEB SECURITY] Useful technique when performing XSS

From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Wed, 7 Feb 2007 20:14:12 +0000

Amit,

:) This is not about who did it first. BTW, your example is broken.
location.search does not include the fragment identifier.

Cheers

On 2/7/07, Amit Klein <aksecurity () gmail com> wrote:

pdp (architect) wrote:

http://www.gnucitizen.org/blog/playing-in-large

Basically this article is about how to squeeze more data into size
restricted, unsanitized field. This technique can also be used to hide
attackers activities.

It seems that you've stumbled upon something I already disclosed:
http://www.webappsec.org/lists/websecurity/archive/2005-10/msg00030.html

Sorry...
-Amit



-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Useful technique when performing XSS pdp (architect) (Feb 07)
- Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)
  - Re: [WEB SECURITY] Useful technique when performing XSS pdp (architect) (Feb 07)
    - Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)
    - Re: [WEB SECURITY] Useful technique when performing XSS pdp (architect) (Feb 07)
    - Re: [WEB SECURITY] Useful technique when performing XSS Amit Klein (Feb 07)