Vulnerability Development mailing list archives
Re: Can you exploit this XSS?
From: mark <mark () nunswithguns co uk>
Date: Tue, 25 Nov 2003 16:02:11 +0000
Just noticed no-one yet mentioned this so I thought I'd add it. Another way of making the link with the code in a less obvious XSS one (to the uninitiated at least) is shown here:

    test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74

which actually translates as:

    test.php?something=this is a test

As you can see it's just the hex for each character; %20 is a space, as you probably already know.

Not a biggie but I thought I'd mention it. Very simple PHP to do this follows...

    $string = "something=this is a test";
    for ($x = 0; $x < strlen($string); $x++) {
        // always emit two hex digits so bytes below 0x10 still encode validly
        echo "%" . sprintf("%02x", ord($string[$x]));
    }

Paul Johnston wrote:
Hi,

While auditing a web app, I've found the site redirects not found pages to a login screen. This contains an element like:

    <input type="hidden" name="tageturl" value="XXX">

Now, the XXX bit is controlled by the user, and it seems the only characters escaped are " and & - i.e. <script>alert(document.cookie)</script> gets through (hence my tool alerted me).

Can this be exploited for XSS? I can't see how to immediately, but it seems possible.

Paul
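
Added example (not part of the original thread): a log-review helper that decodes a query string once, so the reviewer sees what the application will see, and flags requests like the encoded test.php link above, where most escapes cover characters that never need encoding. The function names, the thresholds and the second sample request are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# RFC 3986 "unreserved" characters: a normal client never percent-encodes these.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def analyse(url, min_escapes=4, threshold=0.5):
    """Return (canonical_url, needless_ratio, flagged) for one request URL."""
    path, sep, query = url.partition("?")
    escapes = PCT.findall(query)
    needless = sum(1 for h in escapes if chr(int(h, 16)) in UNRESERVED)
    ratio = needless / len(escapes) if escapes else 0.0
    # Decode once so filters and reviewers see what the application will see.
    canonical = path + sep + unquote(query)
    # min_escapes and threshold are assumed tuning values, not from the thread.
    flagged = len(escapes) >= min_escapes and ratio >= threshold
    return canonical, ratio, flagged


# Constructed sample requests: the first is the encoded link from the message,
# the second is the same request as an ordinary browser would send it.
SAMPLES = [
    "test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74",
    "test.php?something=this%20is%20a%20test",
]


def scan(urls):
    """Return the canonical form of every URL whose query is over-encoded."""
    return [c for c, _, flagged in map(analyse, urls) if flagged]


if __name__ == "__main__":
    for url in SAMPLES:
        canonical, ratio, flagged = analyse(url)
        print(f"{'FLAG' if flagged else 'ok  '} {ratio:.2f} {canonical}")
```

Both sample requests decode to the same canonical URL; only the first is flagged, because 20 of its 24 escapes encode plain letters.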