WebApp Sec mailing list archives

Re: XSS - Double Quote break out and White Space filtered


From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 31 May 2009 16:55:00 +0200

* arvind doraiswamy:

> Here's a snapshot of the related code:
>
> <form action="blahblah.php" method="post">
> document.write: <input type="text" name="p1" size="60" value="ggggg">
> <input type="submit" value="reflect">
> <pre><script>document.write("gggggg");</script></pre>
> </form>

Is this some sort of homework?

> So, as you see, all reflection points are in double quotes and all key
> characters are blocked off as mentioned earlier.
>
> An input in the text box of: < > : ; " ' ` = ( ) / \ * is reflected back as:
> &lt; &gt; : ; &quot; &#039; ` = ( ) / \ *

You need to target the document.write() call.
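As an added illustration (not code from the thread or from either poster): the two reflection points in the quoted form sit in different output contexts, an HTML attribute value and a JavaScript string literal inside an inline script, and the defensive fix is to encode for each context separately. The HTML entity encoder reproduces the reflection shown in the question; the JS-string encoder is what the `document.write("...")` argument needs instead. Function names and the sample input are assumptions made for this example.

```javascript
// Added example, not code from the thread or either poster: context-specific
// output encoding for the two reflection points in the quoted form. Function
// names and the sample input are assumptions made for this illustration.

// Encoder for HTML text and attribute values. Produces the same output that
// the quoted reflection showed (e.g. &quot; and &#039;).
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for data placed inside a JavaScript string literal (the
// document.write("...") argument). Every character outside [A-Za-z0-9] becomes
// a \xHH, \uHHHH or \u{H...} escape, so the result can never contain a raw
// quote, backslash, line terminator or "</" sequence.
function encodeForJsString(s) {
  let out = '';
  for (const ch of String(s)) {          // iterates by code point
    const cp = ch.codePointAt(0);
    if (/^[A-Za-z0-9]$/.test(ch)) {
      out += ch;
    } else if (cp <= 0xff) {
      out += '\\x' + cp.toString(16).toUpperCase().padStart(2, '0');
    } else if (cp <= 0xffff) {
      out += '\\u' + cp.toString(16).toUpperCase().padStart(4, '0');
    } else {
      out += '\\u{' + cp.toString(16).toUpperCase() + '}';
    }
  }
  return out;
}

// Validity check for a value about to be placed in a JS string literal: it
// may consist only of alphanumerics and complete hex escapes.
const JS_STRING_SAFE = /^(?:[A-Za-z0-9]|\\x[0-9A-F]{2}|\\u[0-9A-F]{4}|\\u\{[0-9A-F]+\})*$/;
function isJsStringSafe(encoded) {
  return JS_STRING_SAFE.test(encoded);
}

// Renders the two reflection points from the quoted form, each with the
// encoder that matches its context.
function renderReflection(userInput) {
  return [
    '<input type="text" name="p1" size="60" value="' + encodeForHtml(userInput) + '">',
    '<pre><script>document.write("' + encodeForJsString(userInput) + '");</script></pre>',
  ].join('\n');
}

// Constructed sample: the character set from the original question.
const SAMPLE = '< > : ; " \' ` = ( ) / \\ *';

console.log('HTML-encoded:', encodeForHtml(SAMPLE),
            '| acceptable in JS string?', isJsStringSafe(encodeForHtml(SAMPLE)));
console.log('JS-encoded:  ', encodeForJsString(SAMPLE),
            '| acceptable in JS string?', isJsStringSafe(encodeForJsString(SAMPLE)));
console.log(renderReflection(SAMPLE));
```

Run with `node`: the HTML-encoded sample fails the JS-string check because entity encoding leaves characters that are not significant in an attribute but are inside a string literal, while the JS-encoded sample passes and still decodes to the original text. The more robust design for the second reflection point is not to pass untrusted data through `document.write()` at all and instead set it as the `textContent` of a target element, which removes the script-string context entirely.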
