FUDforum: FUDforum 3.0+

Home » FUDforum Development » FUDforum 3.0+ » XSS

Show: Today's Messages :: Polls :: Message Navigator

Re: XSS [message #24506 is a reply to message #24496]

Fri, 29 April 2005 19:26

Cr00t

Messages: 16
Registered: February 2003
Location: Russia

Karma:

Junior Member

Ilia ��(�) ��, 29 �� 2005 16:18

ha? There is no XSS, the forum specifically checks for javascript in URL and img tags and preventsm it's usage, this has been there almost since version 1.0.

Yeap, there is a filter, like this:

if (strpos(strtolower($parms), 'javascript:') === false) {

but i can bypass it using special symbols, most of them in 16

if i type "javascrip&_#116;" (without "_" symbol) this filter works, but browser look at the code and execute "javascrip&_#116;" (without "_" symbol)!

::: don't gimme namez :::

Report message to a moderator

[Message index]

		XSS By: Cr00t on Fri, 29 April 2005 05:04
		Re: XSS By: Ilia on Fri, 29 April 2005 12:18
		Re: XSS By: Cr00t on Fri, 29 April 2005 15:30
		Re: XSS By: Cr00t on Fri, 29 April 2005 19:26
		Re: XSS By: Ilia on Fri, 29 April 2005 19:38
		Re: XSS By: Ilia on Sat, 30 April 2005 15:01
		Re: XSS By: Cr00t on Sat, 30 April 2005 19:38
		Re: XSS By: Ilia on Sat, 30 April 2005 19:52
		Re: XSS By: Cr00t on Sun, 01 May 2005 04:55
		Re: XSS By: htimsl on Wed, 20 June 2007 14:12

Previous Topic:	Spell Check Button Help
Next Topic:	Test Forums

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Sep 19 21:37:12 GMT 2024

Total time taken to generate the page: 0.06149 seconds