[WEB SECURITY] Need some help with one XSS Vector
davechintan at gmail.com
Sat May 19 03:42:28 EDT 2012
Yes actually, we were able to bypass using the same technique.
We just injected an extra slash to nullify the escaping & ended the payload with a comment.
Appreciate all your help.
Sorry for brevity, sent from my iPod,
On 19-May-2012, at 12:37 PM, MaXe <owasp at intern0t.net> wrote:
> If backslashes aren't escaped properly (with a backslash), try this:
> This should result in:
> If there's two backslashes, the first one will nullify (escape) the second
> one, meaning the apostrophe won't be escaped.
> Best regards,
> On Fri, 18 May 2012 12:04:59 +0530, Chintan Dave <davechintan at gmail.com>
>> I am running into one issue with XSS and was interested if there is any
>> I can bypass it.
>> Following the response code where user supplied input is embedded. Input
>> taken via a text box.
>> User supplied input *1* is highlighted in red. I am trying to break out
>> this alert box, however when a single quote is given as input, the
>> is escaped using a backslash. It is as follows:
>> *Input:* *1'*
>> the card 1\'');</script>*
>> I am using IE 8 and tried using back ticks just to check if I can get
>> around this limitation, however it did not work.
>> Any suggestion on how to break out of this would be much helpful.
>> All characters except the *single quote, <!-- and </script>* are
>> Using a
>> I tried the following vector to escape out:
>> *Input:* *1`);alert(1);(`'**);**
>> the card 1`);alert(1);(`');</script>
>> Appreciate your help and support in advance.
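Added example, not part of the thread or any poster's code: the filter behaviour discussed above (a backslash placed before the apostrophe while backslashes themselves pass through) next to an encoder that keeps the value inside a single-quoted JavaScript string. The function names, the sample inputs and the \uXXXX encoding approach are assumptions chosen for this illustration.

```javascript
// Added illustration; function names and sample inputs are constructed.

// Filter behaviour described in the thread: only the apostrophe is prefixed
// with a backslash; a backslash in the input passes through unchanged.
function escapeQuoteOnly(input) {
  return input.replace(/'/g, "\\'");
}

// Hardened encoder for a value placed inside a single-quoted JS string in an
// inline <script>: every character outside [A-Za-z0-9 ] becomes \uXXXX, so
// quotes, backslashes, line breaks, "<!--" and "</script>" never appear raw.
function escapeForJsString(input) {
  return input.replace(/[^A-Za-z0-9 ]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Walk the escaped text the way a tokenizer reads a single-quoted literal
// body: a backslash consumes the next character, a bare apostrophe or line
// break ends the literal. Returns true only if the value stays in the string.
function staysInsideLiteral(escaped) {
  for (let i = 0; i < escaped.length; i++) {
    const ch = escaped[i];
    if (ch === "\\") {
      // A trailing backslash would swallow the template's closing quote.
      if (i === escaped.length - 1) return false;
      i++;
      continue;
    }
    if (ch === "'" || ch === "\n" || ch === "\r") return false;
  }
  return true;
}

// Constructed inputs: plain value, apostrophe, backslash + apostrophe,
// and a trailing backslash.
const SAMPLES = ["1", "1'", "1\\'", "1\\"];

function audit(escaper) {
  return SAMPLES.map((s) => {
    const output = escaper(s);
    return { input: s, output, contained: staysInsideLiteral(output) };
  });
}

console.table(audit(escapeQuoteOnly));
console.table(audit(escapeForJsString));
```

The same `audit` check can serve as a regression test for any server-side encoder that writes user input into an inline script string.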