> <\script> in the response. When the same response is changed to
> </script>, the script does get executed.
>
> > Obviously script isn't the only method to call
> > javascript.
>
> I am looking for ways other than <script>...</script> and <img
> src=javascript:...> to run javascripts. Any ideas on that?

I was looking but most of the things I could think of involve something
along the lines of <tag value=>.
I don't know of anything along the lines of <tag=bla> (without a space).
If anybody does, feel free to let me know :p

> > When
> > you encode the entire string does it leave it or attempt any type of
> > translation back?
> >
> > (aka does it simply not translate %20 or does it do this to every
> > character?)
> >
>
> All %xx s are left as they are in the response.. so they become pretty
> much useless..

Yup.

> >
> > - zenoat_private
> >
>
> Thanks,
> VAM.
>
> > > Hey I am trying to figure out a way to exploit a webserver that is
> > > supposedly vulnerable to XSS. The issues are:
> > > 1. </SCRIPT> gets converted into <\SCRIPT> in the server response.. for
> > > ScrIPT, etc too..
> > > 2. img%20src remains img%20src in the response.. (the server does no
> > > decoding)
> > >
> > > so, I am not able to make IE/others execute the javascript embedded in
> > > there. Is there any other way/ways of invoking javascript in the HTML
> > > response from the server.. e.g. any other single-worded HTML tag etc that
> > > can do something like what <img src=javascript:alert("hello")> does.. ?
> > >
> > > Thanks!
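The server behaviour described in this thread, set beside output encoding, as an added example that is not part of the original messages and not the server's real code. The function names are hypothetical, the filter is reconstructed only from what the posters report (the closing script tag is rewritten in any letter case, nothing is URL-decoded), and the sample inputs are built from strings quoted in the thread.

```javascript
// Added example: behaviour reconstructed from the thread, not the server's code.

// Blacklist filter as the posters describe it: only the closing script tag
// is rewritten ("</SCRIPT>" -> "<\SCRIPT>", any letter case). No decoding.
function describedFilter(input) {
  return String(input).replace(/<\/(script)/gi, '<\\$1');
}

// Output encoding for HTML element content and quoted attribute values:
// every markup metacharacter becomes an entity, whatever tag it belongs to.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};
function encodeForHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// True when reflected output still carries raw tag delimiters.
function containsRawMarkup(output) {
  return /[<>]/.test(output);
}

// Constructed sample inputs, assembled from strings quoted in the thread.
const SAMPLES = [
  '<script>...</ScrIPT>',
  '<img%20src=javascript:alert("hello")>',
];

// Run both treatments over each sample and report what reaches the page.
function compare(samples) {
  return samples.map((s) => {
    const filtered = describedFilter(s);
    const encoded = encodeForHtml(s);
    return {
      input: s,
      filtered,
      encoded,
      filteredHasMarkup: containsRawMarkup(filtered),
      encodedHasMarkup: containsRawMarkup(encoded),
    };
  });
}

for (const row of compare(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The rewritten closing tag is the only change the described filter makes, so raw angle brackets still reach the response; encoding at output leaves none.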
This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 15:43:45 PST