Can you exploit this XSS?
From: Paul Johnston (paulwestpoint.ltd.uk)
Date: Wed Nov 19 2003 - 06:51:17 CST
While auditing a web app, I've found the site redirects not found pages
to a login screen. This contains an element like:
<input type="hidden" name="tageturl" value="XXX">
Now, the XXX bit is controlled by the user, and it seems the only
characters escaped are " and & - i.e.
<script>alert(document.cookie)</script> gets through (hence my tool
Can this be exploited for XSS? I can't see how to immediately, but it
Internet Security Specialist
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031