[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: XSS question.
On Thu, 5 Dec 2002 14:23:36 -0500 (EST), "zeno" <bugtraq@xxxxxxxxxxxxxxx>
> If the server escapes everything (example <b>hi</b> becomes
> then you can't xss with the script method.
This server (Webster web server) does not escapes like you mention above,
but converts all '/'s into '\'.. so </script> becomes useless.
> As far as the browser leaving %20
> no it won't execute. using + instead of %20 also will not work.
> If you
> can manage
> to get the xss hole between a <script>
> then it would be possible.
In this case, </script> isn't helping.. Mozilla/IE do not seem to honor
<\script> in the response. When the same response is changed to
</script>, the script does get executed.
> Obviously script isn't the only method to call
I am looking for ways other than <script>...</script> and <img
> you encode the entire string does it leave it or attempt any type of
> translation back?
> (aka does it simply not translate %20 or does it do this to every
All %xx s are left as they are in the response.. so they become pretty
> - zeno@xxxxxxxxxxxxxxx
> > Hey I am trying to figure out a way to exploit a webserver that is
> > supposedly vulnerable to XSS. The issues are:
> > 1. </SCRIPT> gets converted into <\SCRIPT> in the server response.. for
> > ScrIPT, etc too..
> > 2. img%20src remains img%20src in the response.. (the server does no
> > decoding)
> > response from the server.. e.g. any other single-worded HTML tag etc that
> > Thanks!