Paid Advertising is
ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Payload Positioning
Posted by: lat
Date: August 24, 2010 09:51AM

I have a web page that allows me to inject arbitrary unfiltered payloads within <script> tags but only after the following javascript statements:

script type="text/javascript">
document.body.innerHTML = window.opener.document.body.innerHTML;
copyValues(window.opener.document, document);
document.forms[0].__EVENTTARGET.value = 'betControl:_ctl1210ea';
// I can inject my payload here, i.e.:
// End of area I can submit my payload
// -->

the alert function doesn't fire, but when I manually place alert above the document.body.innerHTML statement it does. Can someone explain why the alert(1); doesn't execute and suggest ways to get it to?


Options: ReplyQuote
Re: Payload Positioning
Posted by: p0deje
Date: August 27, 2010 12:53PM

if it's unfiltered as you say, why not


Options: ReplyQuote

Sorry, only registered users may post in this forum.