WebApp Sec mailing list archives
XSS Testing
From: "PenTest Guy" <pentestguy () hotmail com>
Date: Fri, 17 Sep 2004 15:26:11 +0000
I'm testing a web application. Previously, I had found XSS using a standard variant: <scr1pt>al3rt('XSS')</scr1pt> (note: I used 3 for e and 1 for i so as not to cause any problems). I also URL encoded this same variant and it worked as well. So I told them how to fix it (filtering out malicious characters, encoding, etc. on the server side) and it seems fixed now. I was just curious if there is any other way to manipulate the same variant, such as other encoding schemes, that might bypass the protections I recommended.
Thanks.
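Added example, not part of the original post: the server-side fix the post mentions, sketched so that the check does not depend on how the input was encoded. It assumes a handler that receives the raw percent-encoded parameter value and writes it into HTML body text; the function names are hypothetical and the sample inputs are constructed from the placeholder string in the post.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample inputs: the placeholder variant quoted in the post,
# and the same string percent-encoded.
PLAIN = "<scr1pt>al3rt('XSS')</scr1pt>"
ENCODED = "%3Cscr1pt%3Eal3rt%28%27XSS%27%29%3C%2Fscr1pt%3E"

# Character blacklist of the kind "filtering out malicious characters" suggests.
BLOCKED = re.compile(r"[<>]")


def filter_then_decode(raw):
    """Weak ordering: the blacklist sees the raw value, decoding happens later.

    The percent-encoded form contains no '<' or '>', so it passes the
    check and is decoded into markup afterwards.
    """
    if BLOCKED.search(raw):
        raise ValueError("rejected by character filter")
    return "<p>" + unquote(raw) + "</p>"


def decode_then_escape(raw):
    """Decode exactly once, then HTML-encode at the point of output.

    Encoding happens on the final string, so both forms of the input
    produce the same inert text. This covers HTML body text only;
    attribute, URL and script contexts need their own encoders.
    """
    return "<p>" + html.escape(unquote(raw), quote=True) + "</p>"


if __name__ == "__main__":
    for sample in (PLAIN, ENCODED):
        try:
            weak = filter_then_decode(sample)
        except ValueError as exc:
            weak = "(%s)" % exc
        print("input:   ", sample)
        print("filtered:", weak)
        print("escaped: ", decode_then_escape(sample))
```

When retesting a fix like the one described, the thing to confirm is the order of operations: validation and output encoding must act on the same decoded string the browser will eventually receive.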