Can you exploit this XSS?

From: Paul Johnston (paul@westpoint.ltd.uk)
Date: Wed Nov 19 2003 - 06:51:17 CST


Hi,

While auditing a web app, I've found the site redirects not found pages
to a login screen. This contains an element like:

<input type="hidden" name="tageturl" value="XXX">

Now, the XXX bit is controlled by the user, and it seems the only
characters escaped are " and & - i.e.
<script>alert(document.cookie)</script> gets through (hence my tool
alerted me).

Can this be exploited for XSS? I can't see how to immediately, but it
seems possible.

Paul

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk
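An added example, not code from the post or from the audited application: it reproduces the escaping behaviour Paul describes (only `"` and `&` encoded) next to a full attribute encoder, and renders both into the hidden `tageturl` field from the post (the field name is the post's; the function names and the intactness check are mine).

```python
import html

def weak_attr_escape(value: str) -> str:
    # Reconstruction of the behaviour observed in the post: only '"' and '&'
    # are encoded, everything else (including '<' and '>') passes through.
    return value.replace("&", "&amp;").replace('"', "&quot;")

def strict_attr_escape(value: str) -> str:
    # Hardened form: encode every character with HTML meaning (& < > " '),
    # so the value stays inert regardless of which context it ends up in.
    return html.escape(value, quote=True)

def render_hidden_input(value: str, escape) -> str:
    # Markup shape taken from the post: the hidden field on the login page.
    return '<input type="hidden" name="tageturl" value="%s">' % escape(value)

def attribute_is_intact(markup: str) -> bool:
    # Defender's check: the value= attribute must still end where the template
    # put it, i.e. exactly two double quotes (open and close) follow 'value='
    # and the tag closes right after the closing quote.
    tail = markup.split("value=", 1)[1]
    return tail.count('"') == 2 and tail.endswith('">')

if __name__ == "__main__":
    # Constructed sample inputs: the probe from the post and a quote-bearing value.
    for sample in ["<script>alert(document.cookie)</script>", 'a" b="c']:
        for name, fn in [("weak", weak_attr_escape), ("strict", strict_attr_escape)]:
            markup = render_hidden_input(sample, fn)
            print(name, attribute_is_intact(markup), markup)
```

Inside a double-quoted attribute the raw `<script>` text is inert because only `"` can terminate the value, which is why the weak encoder still keeps the attribute intact here; encoding `<`, `>` and `'` as well removes the dependence on the value never being emitted in another context.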