Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Payload Positioning
Posted by: lat
Date: August 24, 2010 09:51AM

I have a web page that allows me to inject arbitrary unfiltered payloads within <script> tags but only after the following javascript statements:

script type="text/javascript">
<!--
document.body.innerHTML = window.opener.document.body.innerHTML;
copyValues(window.opener.document, document);
addInWindowToAction(document.forms[0])
document.forms[0].__EVENTTARGET.value = 'betControl:_ctl1210ea';
// I can inject my payload here, i.e.:
alert(1);
// End of area I can submit my payload
document.forms[0].submit();
// -->

the alert function doesn't fire, but when I manually place alert above the document.body.innerHTML statement it does. Can someone explain why the alert(1); doesn't execute and suggest ways to get it to?

Thanks

Options: ReplyQuote
Re: Payload Positioning
Posted by: p0deje
Date: August 27, 2010 12:53PM

if it's unfiltered as you say, why not
</script><script>alert(1)</script>

---------
http://p0deje.blogspot.com

Options: ReplyQuote


Sorry, only registered users may post in this forum.