Vulnerability Development mailing list archives

Re: Can you exploit this XSS?


From: mark <mark () nunswithguns co uk>
Date: Tue, 25 Nov 2003 16:02:11 +0000

Just noticed no-one has yet mentioned this, so I thought I'd add it.
Another way of making the link with the code a less obvious XSS one (to the uninitiated at least) is shown here:

test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74

which actually translates as:

   test.php?something=this is a test

As you can see, it's just the hex for each character; %20 is a space, as you probably already know.

Not a biggie, but I thought I'd mention it.

Very simple PHP to do this follows...

<?php
$string = "something=this is a test";
// Percent-encode every character; pad to two hex digits so bytes below 0x10 are encoded correctly
for ($x = 0; $x < strlen($string); $x++) {
    echo "%" . str_pad(dechex(ord($string[$x])), 2, "0", STR_PAD_LEFT);
}
Paul Johnston wrote:

Hi,

While auditing a web app, I've found the site redirects not-found pages to a login screen. This contains an element like:

<input type="hidden"  name="tageturl" value="XXX">

Now, the XXX bit is controlled by the user, and it seems the only characters escaped are " and & - i.e. <script>alert(document.cookie)</script> gets through (hence my tool alerted me).

Can this be exploited for XSS? I can't see how to immediately, but it seems possible.

Paul



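An added example, not code from either poster: it canonicalizes the percent-encoded query from mark's post (so a log review or input filter sees what the application sees, including double-encoded input) and contrasts the app's escaping of only " and & from Paul's question with full attribute escaping for the hidden input. The function names and the sample strings are assumptions.

```python
from html import escape
from urllib.parse import unquote

# Constructed sample: the percent-encoded query string from the post above.
ENCODED_QUERY = "%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74"


def percent_encode_all(s: str) -> str:
    """Percent-encode every byte of s, two lowercase hex digits each."""
    return "".join(f"%{b:02x}" for b in s.encode("utf-8"))


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """URL-decode repeatedly until the value stops changing, so that
    inspection is done on the same text the application will act on."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_markup(value: str) -> bool:
    """Crude check for HTML tag delimiters; run it on canonicalized input."""
    return "<" in value or ">" in value


def weak_escape(value: str) -> str:
    """Escape only '&' and '"', as the audited application did."""
    return value.replace("&", "&amp;").replace('"', "&quot;")


def safe_escape(value: str) -> str:
    """Escape all HTML metacharacters before placing a value in an attribute."""
    return escape(value, quote=True)


def hidden_input(target: str, escaper) -> str:
    """Render the hidden field from the post with the given escaping function."""
    return f'<input type="hidden" name="tageturl" value="{escaper(target)}">'
```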