 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 365
 Members: 0
 Total: 365
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Bypassing magic quote GPC |
|
 Posted: Sat Nov 10, 2012 3:01 pm |
 |
|
| wokky |
| Regular user |
 |
|
| Joined: Oct 09, 2009 |
| Posts: 11 |
|
|
|
 |
|
 |
|
Hi everyone,
I have found a XSS issue on a website via a search engine, I can easily inject script tag wich is executed, meaning i can get cookies.
So all i have to do is to get my victim visiting that page and send me back the cookies on a remote page.
But the magic quote is activated so I cant write a string containing the url of my remote page, to bypass that I used the awesome function String.fromCharCode() plus its more stealthy ?* .
Unfortunatly the website lower the string meaning I cant use any functions or objects with uppercase letter.
I have no idea to bypass magicquote + lowercase ? so i ask you guys
Thanks |
|
|
|
|
| Posted: Fri Nov 16, 2012 5:02 pm |
|
|
| hexe |
| Beginner |
|
|
| Joined: Nov 15, 2012 |
| Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Nov 22, 2012 9:10 pm |
|
|
| wokky |
| Regular user |
|
|
| Joined: Oct 09, 2009 |
| Posts: 11 |
|
|
|
|
|
|
|
thx dude, i dont know why i didnt think of that, so simple ...  |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
