Vulnerability Development mailing list archives
XSS question.
From: "VAM" <thebigbadwolf () fastmail fm>
Date: Wed, 04 Dec 2002 14:32:32 -0800
Hey I am trying to figure out a way to exploit a webserver that is supposedly vulnerable to XSS. The issues are: 1. </SCRIPT> gets converted into <\SCRIPT> in the server response.. for ScrIPT, etc too.. 2. img%20src remains img%20src in the response.. (the server does no decoding) so, I am not able to make IE/others execute the javascript embedded in there. Is there any other way/ways of invoking javascript in the HTML response from the server.. e.g. any other single-worded HTML tag etc that can do something like what <img src=javascript:alert("hello")> does.. ? Thanks!
Current thread:
- XSS question. VAM (Dec 05)
- Re: XSS question. zeno (Dec 05)
- <Possible follow-ups>
- Re: XSS question. VAM (Dec 05)
- Re: XSS question. zeno (Dec 05)