I have found a website with an XSS vulnerability in a field that can't be accessed from a URL like the example below; www.example.com/search.php?a=xssHere The XSS vulnerability only works if I manually type in the script into the field. How do I make it possible to link others to a page with the XSS included (submitted)? When the search button is clicked, the page gets updated with the search data from a 'call_ajax' function, so the page doesn't get refreshed. Is this still exploitable? http://sla.ckers.org/forum/read.php?2,28689,28689#msg-28689 Sat, 25 May 2013 13:34:37 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?2,28689,33463#msg-33463 http://sla.ckers.org/forum/read.php?2,28689,33463#msg-33463
I have a similar problem where everything works fine just when introduced manually.

The link doesn't change when the <script> is added to the Search; it has javascript:executeSearch().

Thx.]]> bobku XSS Info Tue, 16 Feb 2010 09:48:09 -0600 http://sla.ckers.org/forum/read.php?2,28689,28713#msg-28713 http://sla.ckers.org/forum/read.php?2,28689,28713#msg-28713 Kyo XSS Info Wed, 10 Jun 2009 11:16:11 -0500 http://sla.ckers.org/forum/read.php?2,28689,28700#msg-28700 http://sla.ckers.org/forum/read.php?2,28689,28700#msg-28700
-------

are u talking about POST vs GET?

see if you can see what the search value is, and setting it in the URL. that sometimes work
ex: hxxp://site.com/search.php?s="><script>alert(1);</script>

or you can setup a free site somewhere, and do an automatic form submission
<body onload=Form.form1.submit()>
<form method=post action=http://site.com/search.php>
<input type=hidden name=search value='"><script>alert(1);</script>
<input type=submit>
</form>

then send them the url to your free site
http://freesite.com/evil.html

and boom they are xssed


i hope thats what you are trying to do]]> PaPPy XSS Info Tue, 09 Jun 2009 15:04:32 -0500 http://sla.ckers.org/forum/read.php?2,28689,28696#msg-28696 http://sla.ckers.org/forum/read.php?2,28689,28696#msg-28696
Try using a iframe to the target site and overlaying the target area and then social engineering to click the button. I presume the button is activated with a javascript event rather than a post or get action. You need to be able to provide content either stored or reflected in some form to conduct an attack.]]> Gareth Heyes XSS Info Tue, 09 Jun 2009 13:28:35 -0500 http://sla.ckers.org/forum/read.php?2,28689,28695#msg-28695 http://sla.ckers.org/forum/read.php?2,28689,28695#msg-28695 -------------------------------------------------------
> Try working with images - the browser will attempt
> to load them even if the content came in via Ajax
> providing you load and error events.

I think you misunderstood me. My problem is not with finding an XSS vector, it's with somehow getting that XSS'd page to display for other users. My problem is that the search field can't be submitted from the URL like a normal XSS attack where a crafted URL is given to a victim (shown in my example), so I'm looking for alternatives.]]> Gobo XSS Info Tue, 09 Jun 2009 13:18:00 -0500 http://sla.ckers.org/forum/read.php?2,28689,28692#msg-28692 http://sla.ckers.org/forum/read.php?2,28689,28692#msg-28692 Anonymous User XSS Info Tue, 09 Jun 2009 11:54:19 -0500 http://sla.ckers.org/forum/read.php?2,28689,28689#msg-28689 http://sla.ckers.org/forum/read.php?2,28689,28689#msg-28689
www.example.com/search.php?a=xssHere

The XSS vulnerability only works if I manually type in the script into the field.
How do I make it possible to link others to a page with the XSS included (submitted)?

When the search button is clicked, the page gets updated with the search data from a 'call_ajax' function, so the page doesn't get refreshed. Is this still exploitable?]]> Gobo XSS Info Tue, 09 Jun 2009 10:53:31 -0500