|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 168
Members: 0
Total: 168
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
XSS help needed |
|
Posted: Tue Dec 05, 2006 7:31 pm |
|
|
faifas |
Regular user |
|
|
Joined: Feb 25, 2005 |
Posts: 8 |
|
|
|
|
|
|
|
Hey there,
I've just realised that I've found a nice xss bug in a famous my country site. Webmasters were pretty stupid thinking that maxlength may stop XSS.
However I've understood that i can use javascript,
tried to do the following:
Code: | "><script>alert(document.cookie)</script><" |
it worked
alright, but what next? What's the point of this bug?
I wonder if I can steal cookies using this bug since i perform it in a text input that is originaly made to find another user.
Any ideas?
Btw cookie seems weird doesn't it?
Thanks in advance
PS: tbh I'm not familiar with XSS, but some info and advices would be realy nice |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|