Paid Advertising is
ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
xss in meta tag
Posted by: GaSmo
Date: April 28, 2010 02:40AM

Hey there,

found a page of a big av, with a xss hole.
i can place " to break content of a metatag, problem here
is, tah everything after ";" will be deleted. so is there any other waY?

this url: &q=gasm-1'" http-equiv="refresh" content="23; URL=">

will get this code:

<meta name="keywords" content="Lookup gasm-1'" http-equiv="refresh" content="23, Spyware, Adware, Spam, Betrug" />

Options: ReplyQuote

Sorry, only registered users may post in this forum.