Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
xss in script tag without ( and )
Posted by: joel
Date: September 27, 2011 12:10AM

hi, all

I just found a XSS, which will reflect the argument of url inside the script tag, but the <, >, (, ) would be filtered

For example:

The source code of the page is:

When I try


It show me:

Can this page be xssed?

Thanks in advance.

Options: ReplyQuote
Re: xss in script tag without ( and )
Posted by: Gareth Heyes
Date: September 27, 2011 08:29AM


"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Edited 1 time(s). Last edit at 09/27/2011 08:31AM by Gareth Heyes.

Options: ReplyQuote

Sorry, only registered users may post in this forum.