Would this be classed as XSS vuln - Web Application Security

Mr. P-teo

So whilst helping a friend, just testing if his dad's site is secure i came across this

http://i25.lulzimg.com/14f508.jpg

Now th boxes when submitted had


&lt;script&gt;alert(\"XSS\")&lt;/scipt&gt;

And as you can see there is a quotation mark and a greater than symbol next to the box, does this mean it is vuln???

Xin

If you pm me the URL il check it out but you havent given much info

Mr. P-teo

PM'ed you, hope you can help

Xin

Cant recreate what you had but you spelt </script> </scipt>

Mr. P-teo

to recreate what i had, just type

<script>alert("")</script>

in all the fields, and just select anything for the dropdowns

m0rph

said:

to recreate what i had, just type

<script>alert("")</script>

in all the fields, and just select anything for the dropdowns

Try some of the tags displayed in this:


http&#58;//www&#46;thespanner&#46;co&#46;uk/2007/11/19/unusual-xss-vectors/

This one below is usually pretty good, and can be used very effectively for stored attacks...or demonstrations.


&lt;p onmouseover=alert(/XSS/)&gt;Some very long paragraph goes here&#46;&lt;/p&gt;

Xin

said:

to recreate what i had, just type

<script>alert("")</script>

in all the fields, and just select anything for the dropdowns

Yeah i did that and it didnt come up with what you had

Howdy, Stranger!

Top Posters

Who's Online (1)