xss input

I have come across a vulnerability on a site however I have noticed that the vulnerability only responds to the following input: markup"><script>alert('TEST')</script> So in other words this doesn't work: markup<script>alert('TEST')</script>

My question is why would using the "> make it function properly? Is that how the server interprets a set of direct server input or something of that nature?

You have to close another tag first.

Example: <input text="<XSS HERE>">blah</input>

So the > closes the tag. And the tag it is closing is the tag for the search. So I close the search and then I am free to XSS. I am not going to though. Not on this site. I may just warn them to fix the issue. Other whys I am gong to stay out of it. I was only wondering about the closing tag. Thanks.

chronicburst wrote: So the > closes the tag. And the tag it is closing is the tag for the search. So I close the search and then I am free to XSS. I am not going to though. Not on this site. I may just warn them to fix the issue. Other whys I am gong to stay out of it. I was only wondering about the closing tag. Thanks.

">

spyware wrote: You have to close another tag first.

Example: <input text="<XSS HERE>">blah</input>

As spyware pointed out, it closes the other quotes and tags This is what you'll get when you use the "> instead of just the <script>…</script>

<input text="">[XSS]</input> So it executes whats out side of the <input text=""> instead of whats inside the quotes.

Sorry if i couldn't be more informative but I don't know how to explain it any better than that.

Hope this helped.

…bit of a nasty echo in here, isn't there? Weird. Thought HBH was too shallow to be able to echo.

spyware wrote: …bit of a nasty echo in here, isn't there? Weird. Thought HBH was too shallow to be able to echo.

I was just trying to help.

**DarkMantis wrote:**I was just trying to help.

Help… elp.. elp..

¬_¬

Haha alright understood. Thanks spyware. And you too mantis (for trying).