Hi Mephisto,
> <input type="text" name="a" value=""><script>alert(xss);</script>" size="30" maxlength="255" />
If the application has a character encoding problem, you can use malformed US-ASCII or UTF-7 or something to bypass the filter.
US-ASCII: [ha.ckers.org]
UTF-7: [sla.ckers.org]
Otherwise, I think there is no way to bypass it.
Edited 1 time(s). Last edit at 03/02/2007 01:18AM by teracci.
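An added example, not part of the original post: a defensive check for the encoding problem mentioned above. It flags input whose bytes contain no markup characters as written but would yield them if a client decoded the page as 7-bit US-ASCII or as UTF-7, and it reads the charset a response declares. The function names and sample inputs are constructed for illustration, and the check assumes the filter inspects raw bytes before output.

```python
import re

# Characters an HTML output filter is expected to have neutralised.
MARKUP = set('<>"\'')

CHARSET_RE = re.compile(r'charset\s*=\s*"?([\w.:-]+)', re.I)


def declared_charset(content_type):
    """Return the charset named in a Content-Type header value, or None."""
    m = CHARSET_RE.search(content_type or "")
    return m.group(1).lower() if m else None


def hidden_markup(raw: bytes):
    """Return which alternate decodings would turn `raw` into markup."""
    reasons = set()
    # Markup the filter can already see in the plain 7-bit view.
    visible = {chr(b) for b in raw if b < 0x80} & MARKUP

    # US-ASCII case: a decoder that drops the high bit maps 0xBC to 0x3C ('<').
    stripped = {chr(b & 0x7F) for b in raw if b >= 0x80} & MARKUP
    if stripped:
        reasons.add("us-ascii")

    # UTF-7 case: '+ADw-' is plain ASCII on the wire but decodes to '<'.
    as_utf7 = set(raw.decode("utf-7", errors="replace")) & MARKUP
    if as_utf7 - visible:
        reasons.add("utf-7")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a harmless <b> tag in each encoding.
    for sample in (b"+ADw-b+AD4-", b"\xbcb\xbe", b"plain text"):
        print(sample, sorted(hidden_markup(sample)))
    # A response without an explicit charset leaves the decoding to the client.
    print(declared_charset("text/html"))
    print(declared_charset("text/html; charset=UTF-8"))
```

Input flagged by `hidden_markup` is only interpreted as markup when the client picks the alternate decoding, which is why a response where `declared_charset` returns `None` deserves attention.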