guestbook javascript redirect?

ghost

0 0

17 years ago

I find a guestbook vulnerable to javascript code. (like in the lesson)

it allows a javascript alert, but i tried to make it redirect to another website by writing "window.location = "http://thewebsite.com/"" but it wouldnt work. is there another way to do this?

ghost

0 0

17 years ago

window.location.href

ghost

0 0

17 years ago

what was the xss alert you used?

did it contain " in it?

ghost

0 0

17 years ago

yes, instead of using "http://google.com", u can try tu make it without quotes. i though it was somethink like the CHAR(98)?

ghost

0 0

17 years ago

location.replace("site.com");

spyware

Banned

0 0

17 years ago

mr noob wrote: location.replace("site.com");

Actually, you need to use the http infront of the url, otherwise it just moves to a local file.

The correct code would be: location.replace("http://site.com");

ghost

0 0

17 years ago

I got it, thanks for all your help :)