Re: XSS Filter Evasion

[Wil Clouser <clouserw () gmail com>]

There is no need to close it if you can inject something with
onclick="" or a similar attribute.

Wil

On Sun, Apr 12, 2009 at 3:07 AM, cAs <writemecas () googlemail com> wrote:
> Hello everybody,
>
> i recently tested a web application for XSS vulnerabilities. There i found a
> search function where i did the following:
>
> Injected String: "test
> Source Code Result:
>
> <input autocomplete="off" class="searchbox" type="text" name="searchInclude"
> id="q" value=""test"/>
>
> "YES!" - i thought, but this "simple" target turned out to be a hard job.
> The next thing i did was injecting this:
>
> Injected String: ">test
> Source Code Result:
>
> <input autocomplete="off" class="searchbox" type="text" name="searchInclude"
> id="q" value=""gttest"/>
>
> So the < > get filtered, as well as ().
> Is there still a way to close the input tag?
>
> Greetings,
> cAs