WebApp Sec mailing list archives
RE: xxs problem
From: Dean Saxe <Dean.Saxe () DigitalInsight com>
Date: Tue, 16 Mar 2004 10:44:53 -0500
Your script requires a semicolon at the end to run. If you use Netscape, check the JavaScript debugger and it should report an error with your script.

-dhs

-----Original Message-----
From: Frank Dobb [mailto:nyon1261 () yahoo com]
Sent: Tuesday, March 16, 2004 8:35 AM
To: webappsec () securityfocus com
Subject: xxs problem

To all you xxx'ers on this list.

I have been testing an application for XXS vulnerabilities. I am very stuck & would appreciate some advice.

When I enter the following URL:

http://standard/default.aspx?Mode=<script>alert(document.cookie)</script>&PageView=Shared

I get the <script>alert(document.cookie)</script> text sent back in the reply. I thought this would now be easy - however, it does not provoke an alert within the browser.

On further analysis, I see the <script>alert(document.cookie)</script> occurs in the middle of a <form> statement.

<form name="form1" method="post" action="default.aspx?Mode=<SCRIPT>alert(document.cookie)</SCRIPT>&PageView=Shared" id="form1">

You can see that my injected script is in the middle of the action statement, which is enclosed in double quotes. I thought I would just need to close this action statement and then close the form. However, when I do this by sending a "> before the injected script

http://standard/default.aspx?Mode="><script>alert(document.cookie)</script>&PageView=Shared

I get the following result:

<form name="form1" method="post" action="default.aspx?Mode="><SCRIPT>alert(document.cookie)</SCRIPT>&PageView=Shared" id="form1">

You can see that the > passes ok but the " is converted to a " character - which is not interpreted by the browser.

So is this a gotcha... or is there a way I can terminate this double-quoted string to get my script to execute?

Thanks for any advice,

regards
Frank
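
Added example, not part of either message above: a JavaScript model of the double-quoted action attribute described in the original post, comparing no encoding, quote-only encoding and full attribute encoding. The &quot; entity, the renderForm template and all function names are assumptions made for illustration.

```javascript
// Added example (not from the thread). Models how an HTML parser reads a
// double-quoted attribute value: it ends only at a literal ", never at > or <.
function encodeAttr(value) {
  // Encode every character that is significant in attribute or tag context.
  const map = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };
  return String(value).replace(/[&"'<>]/g, (c) => map[c]);
}

function encodeQuoteOnly(value) {
  // Assumed model of the behaviour reported in the post: " is rewritten, > is not.
  return String(value).replace(/"/g, '&quot;');
}

function renderForm(mode, encode) {
  // Hypothetical template mirroring the <form> tag quoted in the post.
  return '<form name="form1" method="post" action="default.aspx?Mode=' +
    encode(mode) + '&PageView=Shared" id="form1">';
}

function readAction(html) {
  // Return the raw action value and whatever markup follows the tag's closing >.
  const start = html.indexOf('action="') + 'action="'.length;
  const end = html.indexOf('"', start);          // first literal quote ends the value
  let i = end + 1, inQuote = false;
  for (; i < html.length; i++) {                 // scan to the > that closes the tag
    if (html[i] === '"') inQuote = !inQuote;
    else if (html[i] === '>' && !inQuote) break;
  }
  return { action: html.slice(start, end), afterTag: html.slice(i + 1) };
}

// Constructed sample input: the Mode value from the second URL in the post.
const payload = '"><script>alert(document.cookie)</script>';
const raw = readAction(renderForm(payload, (v) => v));
const quoteOnly = readAction(renderForm(payload, encodeQuoteOnly));
const full = readAction(renderForm(payload, encodeAttr));
console.log('unencoded, markup after tag:', JSON.stringify(raw.afterTag));
console.log('quote-only, markup after tag:', JSON.stringify(quoteOnly.afterTag));
console.log('full encoding, action value:', full.action);
```

In this double-quoted context the value can only end at a literal ", so angle brackets that pass through unencoded remain part of the action value; encodeAttr also covers single-quoted attributes and element content.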