Pantek Library

XSS question.

From: VAM <thebigbadwolf(at)fastmail.fm>
Date: Wed Dec 04 2002 - 17:32:32 EST


Hey, I am trying to figure out a way to exploit a webserver that is supposedly vulnerable to XSS. The issues are:
1. </SCRIPT> gets converted into <\SCRIPT> in the server response.. for ScrIPT, etc. too..
2. img%20src remains img%20src in the response.. (the server does no decoding)

so, I am not able to make IE/others execute the javascript embedded in there. Is there any other way/ways of invoking javascript in the HTML response from the server.. e.g. any other single-worded HTML tag etc that can do something like what <img src=javascript:alert("hello")> does.. ?

Thanks!

Received on Thu Dec 5 14:07:18 2002
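Added example, not part of the original post: a defender's view of why the tag rewriting described above does not close the hole, next to output encoding that does. `blacklist_filter` is an assumed model of the server's behaviour built only from the post's description, and all function names are hypothetical.

```python
import html
import re

# Assumed model of the filter in the post: "</SCRIPT>" comes back as
# "<\SCRIPT>", in any letter case. Nothing else is touched.
_CLOSE_SCRIPT = re.compile(r"</(script)", re.IGNORECASE)


def blacklist_filter(value: str) -> str:
    """Rewrite only the closing script tag, as the post describes."""
    return _CLOSE_SCRIPT.sub(lambda m: "<\\" + m.group(1), value)


def encode_for_html(value: str) -> str:
    """Encode every HTML-significant character before reflecting input."""
    return html.escape(value, quote=True)


def live_markup_chars(rendered: str) -> list[str]:
    """Return the HTML-significant characters that are still unencoded."""
    return sorted(set(rendered) & set("<>\"'"))


# Inputs taken from the post itself.
SAMPLES = [
    "</SCRIPT>",
    "</ScrIPT>",
    '<img src=javascript:alert("hello")>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        filtered = blacklist_filter(sample)
        encoded = encode_for_html(sample)
        print("input    :", sample)
        print("blacklist:", filtered, "-> live:", live_markup_chars(filtered))
        print("encoded  :", encoded, "-> live:", live_markup_chars(encoded))
        print()
```

`html.escape` covers HTML element content and quoted attribute values; values reflected into URLs, script blocks or unquoted attributes need the encoder for that context.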

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

