FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » XSS
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: XSS [message #24506 is a reply to message #24496] Fri, 29 April 2005 19:26 Go to previous messageGo to previous message
Cr00t is currently offline  Cr00t   Russian Federation
Messages: 16
Registered: February 2003
Location: Russia
Karma:
Junior Member
Ilia писал(а) Птн, 29 Апреля 2005 16:18

ha? There is no XSS, the forum specifically checks for javascript in URL and img tags and preventsm it's usage, this has been there almost since version 1.0.


Yeap, there is a filter, like this:

if (strpos(strtolower($parms), 'javascript:') === false) { 


but i can bypass it using special symbols, most of them in 16

if i type "javascrip&_#116;" (without "_" symbol) this filter works, but browser look at the code and execute "javascrip&_#116;" (without "_" symbol)!


::: don't gimme namez :::
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Spell Check Button Help
Next Topic: Test Forums
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 23:28:03 GMT 2024

Total time taken to generate the page: 0.04976 seconds