[WEB SECURITY] Need some help with one XSS Vector

Chintan Dave davechintan at gmail.com
Fri May 18 02:34:59 EDT 2012


Hi,

I am running into one issue with XSS and was interested if there is any way
I can bypass it.
Following is the response code where user-supplied input is embedded. Input is
taken via a text box.

<script type="text/javascript">alert('No Information is found for the card 1');</script>

User supplied input *1* is highlighted in red. I am trying to break out of
this alert box, however when a single quote is given as input, the output
is escaped using a backslash. It is as follows:
Input:     1'
Output:    <script type="text/javascript">alert('No Information is found for the card 1\'');</script>

I am using IE 8 and tried using back ticks just to check if I can get
around this limitation, however it did not work.
Any suggestion on how to break out of this would be very helpful.

All characters except the single quote, <!-- and </script> are working.
Using a

I tried the following vector to escape out:

Input:     1`);alert(1);(`');
Output:    <script type="text/javascript">alert('No Information is found for the card 1`);alert(1);(`');</script>

Appreciate your help and support in advance.

Thanks,

-- 
Regards,
Chintan Dave
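
For the output context shown in this message (user input placed inside a single-quoted JavaScript string in an inline script block), the following is an added example, not part of the original post, of an allowlist encoder that hex-escapes every character except ASCII letters, digits and space. The function names encodeForJsString and renderNotFound are hypothetical, and the sample inputs are constructed from the strings quoted above.

```javascript
// Added example: output encoding for a single-quoted JavaScript string
// literal inside an inline <script> block. Function names are hypothetical.

// Allowlist: only ASCII letters, digits and space pass through unchanged.
const SAFE = /^[A-Za-z0-9 ]$/;

function encodeForJsString(input) {
  const s = String(input);
  let out = "";
  // Walk UTF-16 code units so every unit maps to one \uXXXX escape;
  // surrogate pairs become two escapes, which JavaScript reassembles.
  for (let i = 0; i < s.length; i++) {
    const ch = s.charAt(i);
    out += SAFE.test(ch)
      ? ch
      : "\\u" + s.charCodeAt(i).toString(16).padStart(4, "0");
  }
  return out;
}

// Rebuilds the response fragment quoted in the message, with the encoder
// applied to the user-supplied part.
function renderNotFound(card) {
  return '<script type="text/javascript">' +
    "alert('No Information is found for the card " +
    encodeForJsString(card) + "');</script>";
}

// Constructed sample inputs, based on the strings quoted in the message.
const samples = ["1", "1'", "</script>", "<!--", "1`);alert(1);(`"];
for (const sample of samples) {
  console.log(JSON.stringify(sample), "->", renderNotFound(sample));
}
```

Because the encoded value contains only letters, digits, spaces and `\uXXXX` escapes, the browser's HTML parser never sees a literal `</script>` or `<!--`, and the JavaScript parser decodes the escapes back to the original text inside the string.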