Because of the lack of HTML encoding, tags can be injected through the forum search feature, assuming the search returns no results. Testing this with H1 tags yields the expected result.
However, attempting the same thing with a script tag results in the page being rendered only up to the opening tag.
By adding a single character after the closing script tag, the filter causing this behaviour can be sidestepped.
http://craigslist.org/forums/?SQ=fffffffff<script>alert(0)</script>f&act=RSR&forumID=8
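The post does not show the filter itself, so the following is an added example, not craigslist's code: a guessed reconstruction of a filter that behaves the way the two probes above suggest (a `<script>...</script>` pair is only caught when it ends the query, and the reflected value is cut off at the opening tag), placed next to the actual fix, which is to HTML-encode the reflected parameter rather than to blocklist tags. The `naiveFilter`, `htmlEncode`, `renderNoResults` and `hasLiveScriptTag` names, the anchored regex, and the two payload strings are all assumptions made for this illustration.

```javascript
// Added example (not craigslist's code): a hypothetical filter that reproduces the
// behaviour described in the post, beside the proper fix (output encoding).

// Hypothetical filter: matches a <script>...</script> pair only when it sits at the
// very end of the query (note the anchoring "$") and truncates the reflected value
// at the opening tag. One trailing character after </script> makes the anchored
// pattern fail, so the query is reflected untouched.
const TRAILING_SCRIPT = /<script\b[^>]*>[\s\S]*?<\/script\s*>$/i;

function naiveFilter(query) {
  const m = TRAILING_SCRIPT.exec(query);
  return m ? query.slice(0, m.index) : query;
}

// The correct fix: HTML-encode every reflected value, whatever it contains.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-in for the "no results" page that reflects the search term (the SQ parameter).
function renderNoResults(query, sanitize) {
  return `<p>No results found for "${sanitize(query)}"</p>`;
}

// Check: does the rendered page still contain a live <script> tag?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payloads mirroring the two probes in the post:
// the first is caught by the hypothetical filter, the second has the extra "f".
const BLOCKED = 'fffffffff<script>alert(0)</script>';
const BYPASS  = 'fffffffff<script>alert(0)</script>f';

function demo() {
  return {
    naiveBlocked:  renderNoResults(BLOCKED, naiveFilter),  // cut off at "<script"
    naiveBypass:   renderNoResults(BYPASS,  naiveFilter),  // script tag survives
    encodedBypass: renderNoResults(BYPASS,  htmlEncode),   // rendered as text only
  };
}

console.log(demo());
```

The point of the comparison is that a blocklist keyed on one tag shape will always have a gap like the trailing character, whereas encoding the value at the point it is written into HTML removes the class of bug: `hasLiveScriptTag` is true for the filtered bypass output and false for the encoded one regardless of what the query contains.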
Monday, September 7, 2009
Is it possible for a site like CL to have the ability to differentiate between a proxy IP and a non-proxy? Anyone have any tips on how to deal with this issue? Thanks.