WebApp Sec mailing list archives

Re: XSS - Double Quote break out and White Space filtered


From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Sat, 30 May 2009 10:47:48 +0530

Thanks Jeff and Florian.
@Jeff: All the other whitespace characters were blocked off as well.
The backticks one worked on this one though so Problem1 is solved.
@Florian: = was allowed and we managed to do this with an onChange
event handler. There might be a better event handler too though,
didn't try since we got it with this one.

Regarding Problem 2, I've gone through the OWASP Prevention sheet in
great detail. There are even recommendations there saying we should
put untrusted data between " " to secure it. Considering that and all
the characters which are blocked off I do wonder how one could bypass
this. I'm sure there is an XSS on this because it's part of a war game
which we started playing to improve understanding:

Here's a snapshot of the related code:

<form action="blahblah.php" method="post">
document.write: <input type="text" name="p1" size="60" value="ggggg">
<input type="submit" value="reflect">
<pre><script>document.write("gggggg");</script></pre>
</form>

So as you see all reflection points are in double quotes and all key
characters are blocked off as mentioned earlier.

An input in the text box of: < > : ; " ' ` = ( ) / \ * is reflected back as:
&lt; &gt; : ; &quot; &#039; ` = ( ) / \ *

What can I do with this?

Cheers
Arvind
p.s... Remember it's definitely there.. it's a wargame ;)


