Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Make browser parse tag.. ?? - another Smoketest
Posted by: mikefree
Date: February 12, 2011 03:27PM

What characters are required after a "<"-character in order to be parsed as tag by the browser?

I found the following scenario:
1. "<" followed by a blank + arbitrary data
2. "<" followed by a <br /> + arbitrary data
3. "<" followed by &nbsp; + arbitrary data
4. "<" followed by %0B + arbitrary data
5. "<" followed by %0C + arbitrary data


Any ways to exploit this?
You can test the it here: [testittt.110mb.com]



Edited 1 time(s). Last edit at 02/12/2011 03:32PM by mikefree.

Options: ReplyQuote
Re: Make browser parse tag.. ?? - another Smoketest
Posted by: Skyphire
Date: February 19, 2011 04:18PM

http://mxr.mozilla.org/mozilla1.9.2/source/parser/htmlparser/src/nsHTMLTokens.cpp#284

Options: ReplyQuote


Sorry, only registered users may post in this forum.