Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
XSS help
Posted by: PaPPy
Date: April 01, 2011 06:31PM

I will let someone else take a crack at it
http://www.mcafee.com/us/events/index.aspx?pg=1&sz=30&tf=14800&et=0&dt=201106&srt=d&sd=0&region=test%22%3E&contentype=%22%3Etest

http://www.xssed.com/archive/author=PaPPy/

Re: XSS help
Posted by: SW
Date: April 02, 2011 12:07AM

Can you execute javascript without any = or ()?

Re: XSS help
Posted by: Anonymous User
Date: April 02, 2011 10:22AM

Yep. In this particular situation on FF4 and Webkit (SF5, GC10) you can.

Re: XSS help
Posted by: Gareth Heyes
Date: April 02, 2011 12:41PM

Yeah me too :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: XSS help
Posted by: tr3w
Date: April 02, 2011 04:56PM

Done. It was fun :) FF4 and GC killed a lot of blacklist filters :O

Re: XSS help
Posted by: Anonymous User
Date: April 02, 2011 05:47PM

<edit />

I almost disclosed too much, let's see if SW and PaPPy can figure it out :P



Edited 1 time(s). Last edit at 04/02/2011 05:48PM by .mario.

Re: XSS help
Posted by: PaPPy
Date: April 03, 2011 09:05AM

I dunno, just submit it to xssed.com
before mcafee comes across this page

http://www.xssed.com/archive/author=PaPPy/

Re: XSS help
Posted by: The-Wildcat
Date: April 03, 2011 09:07AM

hm, it's also exploitable in FF3 but only with a click on the pager.

In FF4, is it exploitable without user interaction? If so, how?^^



Edited 1 time(s). Last edit at 04/03/2011 09:15AM by The-Wildcat.

Re: XSS help
Posted by: SW
Date: April 07, 2011 12:38AM

What happened to that nice google docs page of up to date xss vectors? :P
