Paid Advertising
sla.ckers.org is
ha.ckers
sla.cking
Q and A for any cross site scripting information. Feel free to ask away.
Go to Topic:
Previous
•
Next
Go to:
Forum List
•
Message List
•
New Topic
•
Search
•
Log In
XSS + FF/Chrome + plain/text
Posted by:
choronzon
Date: July 16, 2012 01:17PM
Hello,
I have and xss like this:
POST /...
Host: server
...
par=<XSS>
HTTP/1.1 200 OK
...
Content-Type: text/plain; charset=UTF-8
...
{"par":"<XSS>"}
client-side code execution can be obtained with IE, but I need a working vector for FF or Chrome. Any suggestions?
Thanks,
c.
Options:
Reply
•
Quote
Re: XSS + FF/Chrome + plain/text
Posted by:
Albino
Date: July 17, 2012 05:22AM
iirc this kind of thing is not exploitable in firefox&chrome (and even the latest IE), since they respect the Content-Type header.
-------------------------------------------------------
Research blog
Options:
Reply
•
Quote
Go to:
Forum List
•
Message List
•
Search
•
Log In
Sorry, only registered users may post in this forum.
Click here to login
