WebApp Sec mailing list archives
Re: XSS - Double Quote break out and White Space filtered
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Sat, 30 May 2009 10:47:48 +0530
Thanks Jeff and Florian.

@Jeff: All the other whitespace characters were blocked off as well. The backticks one worked on this one though, so Problem 1 is solved.

@Florian: = was allowed and we managed to do this with an onChange event handler. There might be a better event handler too though, didn't try since we got it with this one.

Regarding Problem 2, I've gone through the OWASP Prevention sheet in great detail. There are even recommendations there saying we should put untrusted data between " " to secure it. Considering that and all the characters which are blocked off, I do wonder how one could bypass this. I'm sure there is an XSS on this because it's part of a war game which we started playing to improve understanding.

Here's a snapshot of the related code:

    <form action="blahblah.php" method="post">
    document.write: <input type="text" name="p1" size="60" value="ggggg">
    <input type="submit" value="reflect">
    <pre><script>document.write("gggggg");</script></pre>
    </form>

So as you see, all reflection points are in double quotes and all key characters are blocked off as mentioned earlier. An input in the text box of:

    < > : ; " ' ` = ( ) / \ *

is reflected back as:

    < > : ; " ' ` = ( ) / \ *

What can I do with this?

Cheers
Arvind

P.S. Remember it's definitely there... it's a wargame ;)
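Added example, not part of the original message or the wargame's code: a sketch of context-specific output encoding for the two reflection points in the posted form, in the style the OWASP prevention sheet describes (quote the data and encode every non-alphanumeric character for the context it lands in). The function names and the sample input are assumptions made for this illustration.

```javascript
// Added example, not from the original post. Function names are assumptions.
const SAFE = /^[A-Za-z0-9]$/;

// HTML context: keep ASCII alphanumerics, turn every other character into a
// hexadecimal character reference (&#xHH;).
function encodeForHtml(input) {
  let out = "";
  for (const ch of String(input)) {
    out += SAFE.test(ch) ? ch : "&#x" + ch.codePointAt(0).toString(16).toUpperCase() + ";";
  }
  return out;
}

// JavaScript string-literal context: keep ASCII alphanumerics, turn every
// other UTF-16 code unit into \xHH or \uHHHH.
function encodeForJsString(input) {
  let out = "";
  const s = String(input);
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    const hex = code.toString(16).toUpperCase();
    if (SAFE.test(s[i])) out += s[i];
    else if (code < 0x100) out += "\\x" + hex.padStart(2, "0");
    else out += "\\u" + hex.padStart(4, "0");
  }
  return out;
}

// Render both reflection points from the posted form.
function renderReflection(p1) {
  // value="..." is parsed once, as an HTML attribute.
  const attr = encodeForHtml(p1);
  // document.write("...") is parsed twice: the JS engine decodes the string
  // literal, then document.write hands the result to the HTML parser. Encode
  // for the last parser first (HTML), then for the first one (JS string).
  const js = encodeForJsString(encodeForHtml(p1));
  return (
    '<input type="text" name="p1" size="60" value="' + attr + '">\n' +
    '<pre><script>document.write("' + js + '");</script></pre>'
  );
}

// Constructed sample input: the character list quoted in the post.
const SAMPLE = "< > : ; \" ' ` = ( ) / \\ *";
console.log(renderReflection(SAMPLE));
```
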