Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
XSS payload when < and " are encoded and input validation for =
Posted by: HacktheSlack
Date: September 17, 2010 12:37PM

Please provide me with the XSS payload when both < and " (special characters) are encoded and input validation for = and @ (special character) exists in the application
input validation for = and @
encoding for < and =
Urgent help required

Re: XSS payload when < and " are encoded and input validation for =
Posted by: HacktheSlack
Date: September 17, 2010 01:25PM

Is there any way to bypass encoding?

Re: XSS payload when < and " are encoded and input validation for =
Posted by: thornmaker
Date: September 17, 2010 09:21PM

HacktheSlack Wrote:
-------------------------------------------------------
> Is there any way to bypass encoding?


Yes.

Re: XSS payload when < and " are encoded and input validation for =
Posted by: HacktheSlack
Date: September 18, 2010 02:17AM

How can we bypass encoding? Also, we can't use the = sign.
Let me know some XSS payloads for bypassing encoding.

Re: XSS payload when < and " are encoded and input validation for =
Posted by: thornmaker
Date: September 18, 2010 10:29AM

What might work depends on context.

Re: XSS payload when < and " are encoded and input validation for =
Posted by: HacktheSlack
Date: September 18, 2010 10:37AM

I would really appreciate it if someone can help me out with some technique/logic or sample payload which works when encoding is enabled and input validation is implemented for = and @.
Urgent help required.

Re: XSS payload when < and " are encoded and input validation for =
Posted by: thornmaker
Date: September 19, 2010 01:44AM

http://sla.ckers.org/forum/list.php?24

or if you want to be more specific...

http://sla.ckers.org/forum/read.php?24,35645#msg-35684
