Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
xss in meta tag
Posted by: GaSmo
Date: April 28, 2010 02:40AM

Hey there,

found a page of a big av, with a xss hole.
i can place " to break content of a metatag, problem here
is, tah everything after ";" will be deleted. so is there any other waY?

this url: &q=gasm-1'" http-equiv="refresh" content="23; URL=http://de.selfhtml.org/">

will get this code:

<meta name="keywords" content="Lookup gasm-1'" http-equiv="refresh" content="23, Spyware, Adware, Spam, Betrug" />

Options: ReplyQuote


Sorry, only registered users may post in this forum.