Paid Advertising is
ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS + FF/Chrome + plain/text
Posted by: choronzon
Date: July 16, 2012 01:17PM


I have and xss like this:

POST /...
Host: server


HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8


client-side code execution can be obtained with IE, but I need a working vector for FF or Chrome. Any suggestions?


Options: ReplyQuote
Re: XSS + FF/Chrome + plain/text
Posted by: Albino
Date: July 17, 2012 05:22AM

iirc this kind of thing is not exploitable in firefox&chrome (and even the latest IE), since they respect the Content-Type header.

Research blog

Options: ReplyQuote

Sorry, only registered users may post in this forum.