Vulnerability Development mailing list archives
Re: Can you exploit this XSS?
From: Peter Pentchev <roam () ringlet net>
Date: Wed, 26 Nov 2003 10:27:13 +0200
On Tue, Nov 25, 2003 at 04:02:11PM +0000, mark wrote:
> Just noticed no-one yet mentioned this so I thought I'd add it..
> Another way of making the link with the code in a less obvious XSS one
> (to the uninitiated at least) is shown here
>
> test.php?%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73%20%61%20%74%65%73%74

[snip]

> very simple php to do this follows...
>
> $string="something=this is a test";
> for($x=0;$x<strlen($string);$x++){
>     echo "%".dechex(ord($string[$x]));
> }

Or even simpler:

$string = "something=this is a test";
echo preg_replace("/(..)/", "%\\1", bin2hex($string));

G'luck,
Peter

-- 
Peter Pentchev  roam () ringlet net  roam () sbnd net  roam () FreeBSD org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence was in the past tense.
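Added example, not part of the original thread or of either poster's code: a defender-side check that normalises a raw query string before inspection and flags the blanket percent-encoding discussed above. The function name `inspect_query`, the thresholds and every sample except the query quoted in the thread are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# RFC 3986 "unreserved" characters: escaping these is never required.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")  # "%" not followed by two hex digits
MARKUP = re.compile(r"[<>\"']")

# Query string quoted in the thread, plus constructed samples for comparison.
THREAD_QUERY = ("%73%6f%6d%65%74%68%69%6e%67%3d%74%68%69%73%20%69%73"
                "%20%61%20%74%65%73%74")
PLAIN_QUERY = "something=this%20is%20a%20test"   # constructed: only spaces escaped
DOUBLE_QUERY = "q=%253Cb%253E"                   # constructed: double-encoded <b>
SHORT_QUERY = "q=line%a"                         # constructed: unpadded escape


def inspect_query(query, max_rounds=3):
    """Return findings for one raw (still-encoded) query string."""
    escapes = ESCAPE.findall(query)
    # Escapes that hide a character which never needed escaping.
    needless = [h for h in escapes if chr(int(h, 16)) in UNRESERVED]
    # Decode repeatedly so double-encoded input is normalised as well.
    decoded, rounds = query, 0
    while rounds < max_rounds and ESCAPE.search(decoded):
        decoded = unquote(decoded, encoding="latin-1")
        rounds += 1
    return {
        "decoded": decoded,
        "rounds": rounds,
        "needless_escapes": len(needless),
        # Assumed heuristic: at least 4 needless escapes and they dominate.
        "over_encoded": len(needless) >= 4 and len(needless) * 2 > len(escapes),
        # dechex() does not zero-pad, so bytes below 0x10 come out as "%a".
        "malformed_escape": bool(BAD_ESCAPE.search(query)),
        "markup_after_decode": bool(MARKUP.search(decoded)),
    }


if __name__ == "__main__":
    for q in (THREAD_QUERY, PLAIN_QUERY, DOUBLE_QUERY, SHORT_QUERY):
        print(q, "->", inspect_query(q))
```

Filters and log searches should match on the `decoded` value; `over_encoded` is a triage signal, since ordinary clients have no reason to escape letters and digits.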