This site is soon to be deprecated by

Sunday, October 4, 2009

Bypassing Revisited -

The technique I previously blogged about still works, but has fixed the XSS vulnerability used in that posting. Here's a hole in another whitelisted site:')}window.location='';{('

Just as before 01 is prefixed to the XSS redirect URL, then the result is Base64 encoded and appended to


  1. If you could tell us noobs what you said, then I'd be happy.

  2. Sure thing. What are you hung up on?

  3. " 01 is prefixed to the XSS redirect URL"

    Not really sure what this means, as I'm new to the java world. I've seen how XSS affects sites when scripts are placed into search bars, but to redirect using whitelisted sites, tough.

    " the result is Base64 encoded and appended "

    I'm guessing after encoding we add the code to

    I'm stuck at the first part.

  4. It's pretty simple. In this example you would base64 encode 01')}window.location='';{('

    And you have step two correct.

  5. Stadtpalais in Frankfurtinkjet ink cartridges
    I like this post
    although its not studied this but I love writing code and learning of information technology.