sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
may be xss in tag a in text ?
Posted by: mghack
Date: July 28, 2011 04:34PM

Hello.

<a href=http://site.com?123.html#text>link</a>

where text is filtered:
space is replaced with %20
<, >, " are filtered

/ ' = - are not filtered

may be xss in tag a in text ?

Re: may be xss in tag a in text ?
Posted by: Gareth Heyes
Date: July 28, 2011 06:35PM

New line then

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: may be xss in tag a in text ?
Date: July 29, 2011 07:18AM

or use tab

Re: may be xss in tag a in text ?
Posted by: jackmasa
Date: July 31, 2011 01:52PM

<?php echo chr(12)?> is also good

Re: may be xss in tag a in text ?
Posted by: infinity
Date: July 31, 2011 04:18PM

Hi,

but it would not work in this case. If the brackets < and > are filtered and space is replaced by %20, the result would be something like this:

<a href=http://site.com?123.html#?php%20echo%20chr(12)?>link</a>

Re: may be xss in tag a in text ?
Posted by: jackmasa
Date: August 01, 2011 11:55AM

Hi infinity, "<?php echo chr(12)?>" is an ASCII char, equal to javascript:String.fromCharCode(12).

Re: may be xss in tag a in text ?
Posted by: Gareth Heyes
Date: August 01, 2011 12:51PM



------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]
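
An added example, not code from any poster in this thread: it models the filter from the first post, lists which characters that end an unquoted attribute value still pass through it (the newline, tab and chr(12) suggested in the replies), and compares the unquoted template with a quoted, percent-encoded one. The function names, the sample input and the data-injected marker attribute are constructed for illustration.

```javascript
// Added example; the inputs and the data-injected marker are constructed.
const WS = "\t\n\f\r "; // HTML whitespace (CR is normalised to LF by the parser)

// The filter as the first post describes it: space -> %20; <, > and " dropped.
function threadFilter(text) {
  return text.replace(/ /g, "%20").replace(/[<>"]/g, "");
}

// The thread's template: unquoted href, filtered text in the fragment.
function renderUnquoted(text) {
  return "<a href=http://site.com?123.html#" + threadFilter(text) + ">link</a>";
}

// Hardened: percent-encode the fragment, quote the attribute, HTML-escape it.
function renderQuoted(text) {
  const url = "http://site.com?123.html#" + encodeURIComponent(text);
  const esc = { "&": "&amp;", '"': "&quot;", "<": "&lt;", ">": "&gt;" };
  return '<a href="' + url.replace(/[&"<>]/g, (c) => esc[c]) + '">link</a>';
}

// Which characters that end an unquoted attribute value pass a filter unchanged?
function survivingBreakers(filter) {
  return [...WS, ">"].filter((c) => filter("a" + c + "b") === "a" + c + "b");
}

// Attribute names of the first <a> start tag, split the way a browser splits them.
function attributeNames(html) {
  const names = [];
  let i = html.indexOf("<a") + 2;
  while (i < html.length && html[i] !== ">") {
    if (WS.includes(html[i])) { i++; continue; }
    let name = "";
    while (i < html.length && !(WS + "=>").includes(html[i])) name += html[i++];
    names.push(name.toLowerCase());
    if (html[i] !== "=") continue;
    const q = html[++i]; // first character of the attribute value
    if (q === '"' || q === "'") {
      const close = html.indexOf(q, i + 1);
      i = close < 0 ? html.length : close + 1;
    } else {
      while (i < html.length && !(WS + ">").includes(html[i])) i++;
    }
  }
  return names;
}

const sample = "top\ndata-injected=1"; // constructed, harmless marker attribute
console.log(survivingBreakers(threadFilter).map((c) => JSON.stringify(c)));
console.log(attributeNames(renderUnquoted(sample)), attributeNames(renderQuoted(sample)));
```

Running survivingBreakers against a real filter is a quick regression check: any character it returns can start a new attribute whenever the value is written unquoted.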
