|
|
 |
| New User, Welcome! Login |
Re: 5 char XSS?
| From: |
kuza55 <kuza55 gmail com> |
| To: |
vuln-dev securityfocus com |
| Cc: |
|
| Subject: |
Re: 5 char XSS? |
| Date: |
Mon - Apr 28, 2008 11:04 PM |
While this doesn't seem to apply to this particular bug, usually if
you have a short unfiltered injection then your best bet is to look
for a filtered injection later in the page and do a fragmentation
attack in 5 chars like this: (the </b=" is your unfiltered injection;
if they use " for quotes, you would use </b=' instead; if they use
both ' and " you could use </b=` but that would only work in IE)
<html>
<body>
<b/="
test" onmouseover=alert(1)
some other junk which is already on the page including another tag
such as a <div>div</div>
</body>
</html>
You'd probably want to use a style attribute with your filtered
injection rather than event handler but I'm sure you don't need my
help for that.
- kuza55
2008/4/26 Kristian Erik Hermansen <kristian.hermansen@gmail.com>:
> Yes, you make a good point :-). However, the purpose of the email was
> that we can't inject anything useful in 5 chars, so the XSS I posted
> merely corrupts the page a little, and does not execute any scripts on
> you. Honest! Go click the links and see ... Hehe
>
>
>
>
>
> On 4/26/08, Serg B <sergeslists@gmail.com> wrote:
> > Am I the only one who sees the irony of an XSS related email/question
> > and example URLs to click? Heh.
> >
> > Serg
> >
> >
> > On Thu, Apr 24, 2008 at 9:36 AM, Kristian Erik Hermansen
> > <kristian.hermansen@gmail.com> wrote:
> > > Just been noticing all the talk about Obama and Clinton sites and how
> > > the media keeps making a big deal out of all these XSS vulns, heh.
> > > However, I have a rather technical question about what, if anything,
> > > you can do when you have such a small buffer to exploit XSS? Check
> > > out this one I found and is not listed by xssed.com for
> > > hillaryclinton.com. You only get 5 chars to inject. So, are there
> > > any tricks that could possibly be used to expand the limitation via
> > > perhaps some unicode kung-fu here? Dunno, but thought it might be
> > > insteresting bring up because this is a common scenario in zip code
> > > search fields. The fix for Clinton is as simple as whitelisting the
> > > input field set to [0-9]...
> > >
> > >
> > http://www.hillaryclinton.com/actioncenter/event/?mt=0&d=250&z=%22%3EXSS&s=z&EventSearchAndResults%3A_ctl0.x=0&EventSearchAndResults%3A_ctl0.y=0
> > >
> > > Regards,
> > > --
> > > Kristian Erik Hermansen
> > > --
> > > "Clever ones don't want the future told. They make it."
> > >
> >
>
> --
> Sent from Gmail for mobile | mobile.google.com
>
>
>
> Kristian Erik Hermansen
> --
> "Clever ones don't want the future told. They make it."
>
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
