Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS + FF/Chrome + plain/text
Posted by: choronzon
Date: July 16, 2012 01:17PM

Hello,

I have and xss like this:

POST /...
Host: server
...

par=<XSS>


HTTP/1.1 200 OK
...
Content-Type: text/plain; charset=UTF-8
...

{"par":"<XSS>"}


client-side code execution can be obtained with IE, but I need a working vector for FF or Chrome. Any suggestions?

Thanks,
c.

Options: ReplyQuote
Re: XSS + FF/Chrome + plain/text
Posted by: Albino
Date: July 17, 2012 05:22AM

iirc this kind of thing is not exploitable in firefox&chrome (and even the latest IE), since they respect the Content-Type header.

-------------------------------------------------------
Research blog

Options: ReplyQuote


Sorry, only registered users may post in this forum.