Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
XSS in <a href=""> without clicking? --> with Smoketest
Posted by: mikefree
Date: February 09, 2011 09:44PM

Hi guys,
In this scenario arbitrary data can be injected in an HREF attribute of a link.
The only restrictions are:
1. " gets encoded to &quot;
2. < and > get removed

Is it possible to break out of the href attribute and do "onRollover-stuff", or is it even possible to execute JavaScript without any user interaction?

You can test the scenario here: http://testittt.110mb.com/parser5.php

THX!



Edited 1 time(s). Last edit at 02/09/2011 09:47PM by mikefree.

Re: XSS in <a href=""> without clicking? --> with Smoketest
Posted by: mikefree
Date: February 09, 2011 09:46PM

..forgot to mention:
I'm aware of various attacks where js is executed once the user clicks the link.
However since there are so few restrictions maybe more is possible?

Re: XSS in <a href=""> without clicking? --> with Smoketest
Posted by: Kyo
Date: February 11, 2011 08:23PM

I can't think of anything except javascript: that would exploit this.

Re: XSS in <a href=""> without clicking? --> with Smoketest
Posted by: dev0
Date: February 27, 2011 02:41PM

Just some ideas:
To exploit this without user interaction we have to get out of the href attribute, so we need at least one ". Because " gets encoded we can't simply inject one. Escaping doesn't work, so....

Anyone got something? I'm really interested :)

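The filter described in the first post, next to a stricter href handler that also closes the javascript: case named in Kyo's reply. This is an added example, not part of the original thread or of the test page's code; it is a Python stand-in, and the names `thread_filter`, `stays_in_attribute`, `safe_href`, the scheme allowlist and the sample inputs are all assumptions constructed for illustration.

```python
import html
import re

# Assumption: the schemes this site legitimately links to.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")
_C0_AND_SPACE = "".join(map(chr, range(0x21)))


def thread_filter(value: str) -> str:
    """The filter from the first post: " becomes &quot;, < and > are removed."""
    return value.replace('"', "&quot;").replace("<", "").replace(">", "")


def stays_in_attribute(filtered: str) -> bool:
    """True when nothing left in the value can close a double-quoted attribute."""
    return '"' not in filtered


def safe_href(value: str, fallback: str = "#") -> str:
    """Return text that is safe to place inside href="...", or the fallback."""
    # URL parsers ignore leading control characters/spaces and any tab or
    # newline, so remove them before reading the scheme.
    url = re.sub(r"[\t\n\r]", "", value.strip(_C0_AND_SPACE))
    match = _SCHEME.match(url)
    if match and match.group(1).lower() not in ALLOWED_SCHEMES:
        return fallback
    # Encode & < > " ' instead of deleting characters.
    return html.escape(url, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        'x" onmouseover="y<b>',
        "javascript:alert(1)",
        'https://example.com/?a=1&b="2"',
        "/local/page",
    ]
    for s in samples:
        f = thread_filter(s)
        print(repr(s), "| thread filter:", repr(f),
              "| stays in attribute:", stays_in_attribute(f),
              "| safe_href:", repr(safe_href(s)))
```

The thread's filter keeps every sample inside the quoted attribute but passes the javascript: value through unchanged; the scheme allowlist is what rejects it.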

