challenge in xss
The other day I read a tutorial about XSS and how to bypass some security measures. I was wondering: what if the input was filtered so that text containing the word script, in either upper or lower case, had [] added, which would lead to <[script]>, or a double pair, which would lead to <[[script]]>? What can be done about it?
BlaX wrote: …would be added with a [] ,that would lead to <[script]> or double pair , that would lead to <[[script]]> .. what can be done about it ?
<[script]>alert(/xss/)</[script]>
and
<[script]>alert(/xss/)<[/script]>
both don't work. Apparently the browser doesn't recognize the script command because of the extra brackets. Neither do
<[]script[]>alert(/xss/)<[]/script[]>
and
<[]script[]>alert(/xss/)</[]script[]>
.
If you're thinking about escaping tags then just find out what tag you need to escape and figure out what to use to escape it, it's pretty simple. :)
Thank you guys for the replies.
Oh well, I've been messing with XSS for a while now, and am surprised at just how many sites are vulnerable. Most of them seem to change the < > to &lt; and &gt;. Is there some way to get around this?
I searched a lot about this but didn't come up with much. Hope you can find some way.
Have you heard of the FF add-on XSS-Me? That uses a bunch of common XSS tests to see if a site is vulnerable. It is a good way to see how many different types of attacks there are.
Also, you might already know this, but in order to really understand how input is sanitized, you have to read the source before and after. That way you can see what you changed and what you might want to try and change.
Here's an example of XSS without the script tags: http://www.gnucitizen.org/blog/self-contained-xss-attacks/
If you google advanced XSS you'll learn pretty quickly.
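The two defences discussed in this thread, the bracket-inserting keyword filter from the first post and the &lt; / &gt; entity encoding mentioned later, side by side as an added example (not code from anyone in the thread). The filter functions, the `contains_markup` check and the sample strings are constructed here for illustration; the samples reuse the thread's own `<[script]>alert(/xss/)</[script]>` case plus a harmless tag the keyword filter never looks at.

```python
import html
import re

# Constructed sample inputs: the thread's own test string in both cases,
# plus an ordinary tag that contains no "script" keyword at all.
SAMPLES = [
    "<script>alert(/xss/)</script>",
    "<SCRIPT>alert(/xss/)</SCRIPT>",
    "<b>plain bold text</b>",
]


def bracket_filter(s: str) -> str:
    """The blacklist filter described in the first post: wrap every
    occurrence of 'script' (any case) in square brackets and leave
    everything else exactly as typed."""
    return re.sub(r"script", lambda m: f"[{m.group(0)}]", s, flags=re.IGNORECASE)


def entity_encode(s: str) -> str:
    """Output encoding for an HTML text context: '<', '>', '&' and both
    quote characters become entities, so no input can open a tag."""
    return html.escape(s, quote=True)


def contains_markup(s: str) -> bool:
    """Defender's check on a filter's output: is there still a raw '<'
    (optionally '</') followed by a tag-name letter? If so, an HTML
    parser can still read the output as a tag."""
    return re.search(r"<\s*/?\s*[A-Za-z]", s) is not None


def evaluate(filter_fn):
    """Map each sample to whether the filtered output still carries markup.
    The keyword filter only neutralizes the literal word it knows about;
    entity encoding neutralizes every sample the same way."""
    return {s: contains_markup(filter_fn(s)) for s in SAMPLES}


if __name__ == "__main__":
    for name, fn in (("bracket_filter", bracket_filter), ("entity_encode", entity_encode)):
        print(name)
        for sample, still_markup in evaluate(fn).items():
            print(f"  {fn(sample)!r:50} markup left: {still_markup}")
```

Running it shows the keyword filter passes `<b>plain bold text</b>` through untouched while the entity-encoded version of every sample contains no raw tag at all, which is why reviewers in threads like this point at encoding rather than keyword lists.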