 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 160
 Members: 0
 Total: 160
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
What if the <> tags are filtered? |
|
 Posted: Sun Feb 10, 2008 5:21 pm |
 |
|
| Panic_Mode |
| Active user |
 |
|
| Joined: Feb 09, 2008 |
| Posts: 39 |
|
|
|
 |
|
 |
|
Exept for <> tags what other way can be used to test if a site is vulnerable...?
I found XSS vulnerability by injecting javascript through the sites search engine but the admin found it and fixed that. Now I use >" <script> tags etc and the engine ignores them and just continues searching...
Is there another place in the site that I can test if it is capable of XSS ? |
|
|
|
|
| Posted: Sun Feb 10, 2008 5:34 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
< = %3C
> = %3E
< = chr(60)
> = chr(62) |
|
|
|
|
| Posted: Sun Feb 10, 2008 5:40 pm |
|
|
| Panic_Mode |
| Active user |
|
|
| Joined: Feb 09, 2008 |
| Posts: 39 |
|
|
|
|
|
|
|
yeh indeed 
chance of being filtered too? |
|
|
|
|
| Posted: Wed Mar 12, 2008 2:07 am |
|
|
| Oilik |
| Active user |
 |
|
| Joined: Mar 05, 2008 |
| Posts: 35 |
|
|
|
|
|
|
|
| koko wrote: | < = %3C
> = %3E |
I thought your browser automatically made those when putting < and > in the URL bar and clicking enter[also applies to PostData], and that file on the server automatically makes that < and >, so it would make no difference.
Correct me if I'm wrong.. |
|
|
|
|
|
|
|
|
| Posted: Fri Jun 13, 2008 9:02 pm |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
You can't really do anything about that, unless the php script is dumping anything into a javascript already, where it would just be a case of escaping the quotes and adding a semicolon... then doing what you like!
For example, I dealt with a script that did this:
| Quote: | ...html stuff...
<script>
var abc = "blahblahblah {$php_variable} blah balh blah";
</script>
...html stuff... |
The php variable was sanitized with simple "addslashes" so I was able to escape the the initial quotes despite the addslashes, turning it into this:
| Quote: | ...html stuff...
<script>
var abc = "blahblahblah "; window.location="XSS in here"; // blah balh blah";
</script>
...html stuff... |
I did so using
| Quote: | | "; window.location="XSS in here"; // |
 |
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
