Vulnerability Development mailing list archives
Can you exploit this XSS?
From: Paul Johnston <paul () westpoint ltd uk>
Date: Wed, 19 Nov 2003 12:51:17 +0000
Hi,While auditing a web app, I've found the site redirects not found pages to a login screen. This contains an element like:
<input type="hidden" name="tageturl" value="XXX">Now, the XXX bit is controlled by the user, and it seems the only characters escaped are " and & - i.e. <script>alert(document.cookie)</script> gets through (hence my tool alerted me).
Can this be exploited for XSS? I can't see how to immediately, but it seems possible.
Paul -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul () westpoint ltd uk web: www.westpoint.ltd.uk
Current thread:
- Can you exploit this XSS? Paul Johnston (Nov 19)
- Re: Can you exploit this XSS? Robin (Nov 19)
- Re: Can you exploit this XSS? Paul Johnston (Nov 19)
- Re: Can you exploit this XSS? dd (Nov 19)
- Re: Can you exploit this XSS? Sverre H. Huseby (Nov 20)
- Re: Can you exploit this XSS? Paul Johnston (Nov 20)
- Re: Can you exploit this XSS? mark (Nov 25)
- Re: Can you exploit this XSS? Peter Pentchev (Nov 26)
- <Possible follow-ups>
- RE: Can you exploit this XSS? Scovetta, Michael V (Nov 19)
- Re: Can you exploit this XSS? Paul Johnston (Nov 19)
- RE: Can you exploit this XSS? Parity (Nov 24)
(Thread continues...)
- Re: Can you exploit this XSS? Robin (Nov 19)