Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Alert without ()
Posted by: Ivan
Date: August 03, 2011 01:48PM

Hello,


I have a very limited XSS vulnerability with some WAF protection. I need alert('XSS') but without ( and ). , and ; and $ are also disabled.

Any tip? Thanks!


Ivan

http://www.security-net.biz/

Re: Alert without ()
Posted by: Gareth Heyes
Date: August 03, 2011 02:32PM

';location=name// is all you need or look into the non alpha threads

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: Alert without ()
Posted by: Ivan
Date: August 03, 2011 07:01PM

Yes, location=name is always a solution ;) But I was trying to find some way to do alert ... I don't find any NonAlpha without ( and ) ...

I will keep looking :)

http://www.security-net.biz/

Re: Alert without ()
Date: August 05, 2011 12:32AM

innerHTML=location.hash // Firefox
~{valueOf:alert} // IE

seems no way for non-alnum code...

--
Yosuke HASEGAWA
http://utf-8.jp/

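An added example, not part of the thread and not written by any of its posters: the character blocklist from the question, run over the strings quoted in the replies, next to output encoding for a JavaScript string literal, which is the control that actually keeps them inert. `wafAllows`, `jsStringEncode` and `audit` are hypothetical names, and the reflection point is assumed to be a single-quoted JavaScript string, as the `';` prefix in the first reply suggests.

```javascript
// Added example; all function names are hypothetical, samples are strings quoted in the thread.
const BLOCKED = ['(', ')', ',', ';', '$']; // characters the question says the WAF rejects

const SAMPLES = [
  "';location=name//",
  "location=name",
  "innerHTML=location.hash",
  "~{valueOf:alert}",
];

// Blocklist check as the question describes it: reject when a listed character appears.
function wafAllows(input) {
  return !BLOCKED.some((ch) => input.includes(ch));
}

// Output encoding for a JavaScript string literal: every UTF-16 code unit that is
// not ASCII alphanumeric becomes \uXXXX, so quotes, slashes and operators cannot
// terminate the literal or start new syntax.
function jsStringEncode(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Assumed reflection point: var q='<input>'; inside a script block.
// staysData is true when the encoded value parses back to exactly the input string.
function audit(samples) {
  return samples.map((s) => {
    const encoded = jsStringEncode(s);
    const parsed = new Function("return '" + encoded + "'")();
    return { sample: s, passesBlocklist: wafAllows(s), encoded, staysData: parsed === s };
  });
}

console.table(audit(SAMPLES));
```

Three of the four strings pass the blocklist untouched, while all four come back as plain string data once they are encoded for the context they are written into.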