webappsec May 2009 archive

Re: XSS - Double Quote break out and White Space filtered

From: arvind doraiswamy <arvind.doraiswamy_at_nospam>
Date: Mon Jun 01 2009 - 03:18:54 GMT
To: Florian Weimer <fw@deneb.enyo.de>


Ha ha, no, it's not homework at all; those days are gone. I edited the code a little before I posted. It's actually a level in a wargame targeted only at XSS. Doing that is a nice way to improve skill. Yes, I understand I have to target document.write(), but it outputs everything back into double quotes, so how do I do it? Thanks anyway...

Arvind

On Sun, May 31, 2009 at 8:25 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
> * arvind doraiswamy:
>
>> Here's a snapshot of the related code:
>>
>> <form action="blahblah.php" method="post">
>> document.write: <input type="text" name="p1" size="60" value="ggggg">
>> <input type="submit" value="reflect">
>> <pre><script>document.write("gggggg");</script></pre>
>> </form>
>
> Is this some sort of homework?
>
>> So as you see all reflection points are in double quotes and all key
>> characters are blocked off as mentioned earlier.
>>
>> An input in the text box of: < > : ; " ' ` = ( ) / \ * is reflected back as:
>> &lt; &gt; : ; &quot; &#039; ` = ( ) / \ *
>
> You need to target the document.write() call.
>
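Added here as an illustration of the output-context point the thread turns on; it is not code from either mail or from the wargame being discussed. The quoted filter applies HTML-entity encoding, which is the right encoding for the `<input value="...">` reflection, and the example contrasts it with the encoding a server must apply before placing the same value inside the `document.write("...")` string literal in a `<script>` block. The function names `encodeForHtml`, `encodeForJsString`, `renderDocumentWrite`, `roundTrip` and `isSafeJsStringEncoding` are this example's own, and the probe string is the character list from the mail.

```javascript
// Added example (not from the thread): one encoder per output context.
// HTML-entity encoding protects the HTML text/attribute reflection points;
// a value written into a JavaScript string literal needs JavaScript-string
// encoding instead, applied by the server before the page is emitted.

// Encoding for HTML text and attribute values: the same mapping the quoted
// filter shows (&lt; &gt; &quot; &#039;), plus '&' itself.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Encoding for a double-quoted JavaScript string literal inside <script>.
// Every character other than [A-Za-z0-9 ] becomes a \uXXXX escape, so the
// encoded value cannot contain a quote, a backslash, a line terminator
// (including U+2028/U+2029) or the '<', '/', '>' characters that could form
// a closing tag the HTML parser would honour before the script runs.
function encodeForJsString(s) {
  let out = '';
  for (const ch of String(s)) {          // iterates by code point
    if (/^[A-Za-z0-9 ]$/.test(ch)) {
      out += ch;
    } else if (ch.length === 2) {
      // Astral character: emit its UTF-16 surrogate pair as two escapes.
      out += '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
           + '\\u' + ch.charCodeAt(1).toString(16).padStart(4, '0');
    } else {
      out += '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
    }
  }
  return out;
}

// Builds the fragment the way a server template would, with the untrusted
// value placed inside the double-quoted literal after encoding.
function renderDocumentWrite(untrusted) {
  return '<script>document.write("' + encodeForJsString(untrusted) + '");</script>';
}

// Recovers the original value from the encoded literal. \uXXXX escapes are
// valid JSON string escapes and everything else is alphanumeric or a space,
// so JSON.parse doubles as a strict JavaScript-string-literal decoder here.
function roundTrip(s) {
  return JSON.parse('"' + encodeForJsString(s) + '"');
}

// Shape check a reviewer can run over emitted output: only alphanumerics,
// spaces and \uXXXX escapes may appear in the encoded value.
function isSafeJsStringEncoding(encoded) {
  return /^(?:[A-Za-z0-9 ]|\\u[0-9a-f]{4})*$/.test(encoded);
}

// Probe string: the character list from the mail.
const PROBE = '< > : ; " \' ` = ( ) / \\ *';

// Stand-alone run: shows the two encodings of the same probe side by side.
console.log('HTML context :', encodeForHtml(PROBE));
console.log('JS string    :', encodeForJsString(PROBE));
console.log('fragment     :', renderDocumentWrite(PROBE));
console.log('round trip ok:', roundTrip(PROBE) === PROBE);
```

The point for a defender is that the encoder is chosen by where the value lands, not by which characters look dangerous: the same probe string gets `&lt;` in the attribute and `\u003c` in the script literal, and the round-trip check shows the script-context encoding loses nothing, so there is no functional reason to weaken it.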