Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Bypassing php str_ireplace filter?
Posted by: hyrax
Date: September 22, 2011 06:51PM

I am trying to bypass a filter that works in this way:

str_ireplace("script", "", $content);

I know the <img src="x" onerror="jscode" /> method

but is there another way to bypass that to inject js?



Edited 1 time(s). Last edit at 09/22/2011 07:09PM by hyrax.

Options: ReplyQuote
Re: Bypassing php str_ireplace filter?
Posted by: barbarianbob
Date: September 22, 2011 08:05PM

<scrscriptipt>alert(1)</scrscriptipt>

Options: ReplyQuote


Sorry, only registered users may post in this forum.