Paid Advertising is
ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
xss in script tag without ( and )
Posted by: joel
Date: September 27, 2011 12:10AM

hi, all

I just found a XSS, which will reflect the argument of url inside the script tag, but the <, >, (, ) would be filtered

For example:

The source code of the page is:

When I try


It show me:

Can this page be xssed?

Thanks in advance.

Options: ReplyQuote
Re: xss in script tag without ( and )
Posted by: Gareth Heyes
Date: September 27, 2011 08:29AM


"People who say it cannot be done should not interrupt those who are doing it.";
labs : []
blog : []
Hackvertor : []

Edited 1 time(s). Last edit at 09/27/2011 08:31AM by Gareth Heyes.

Options: ReplyQuote

Sorry, only registered users may post in this forum.