|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 107
Members: 0
Total: 107
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Help to evade xss filter... |
|
Posted: Mon Feb 14, 2011 4:35 am |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
I send this XSS:
"><script>alert('xss')</script><f
Browser you can see:
"><script>alert('xss')<%2Fscript><f
And source code generated:
<input name="query" value=""><script>alert('xss')</script><f" class="text text_query query" id="query" type="text">
how can i evade the filters? |
|
|
|
|
|
|
|
|
Posted: Mon Feb 14, 2011 5:41 pm |
|
|
Cyko |
Moderator |
|
|
Joined: Jul 21, 2009 |
Posts: 375 |
|
|
|
|
|
|
|
Problems:
1. Double quotes are converted to entities.
2. The < and > characters are also converted to entities.
Theirfore (too my knowledge) you can't brake out of the value attribute (in that format) - which is whats needed to execute/parse any JavaScript (as the value attribute can't execute/parse JavaScript on its own).
If the attribute was an on* (onclick, onhover etc.) attribute their would'nt be any problems (as their'd be no need to use double quotes or < and > characters) - infact it would be a breeze.
On a side note to the site owner - I assume the site is using htmlspecialchars(), I'd recommend to set the second paremeter to ENT_QUOTES to allow not only double quotes but single too (as currently its just converting double) - always a good idea to further migitate the risk of XSS attacks.
More info:
http://www.w3schools.com/tags/att_input_value.asp
http://ha.ckers.org/xss.html |
|
|
|
|
|
|
|
|
Posted: Tue Feb 15, 2011 8:55 am |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
then...is it imposible to do a xss injection? |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|