onmouseover attributes added to user submitted markup via HTTP proxy are not stripped.
Exploit: Create a new link, add a description, and set the HTML to <h1>test</h1>. Submit the form and capture the request using an HTTP proxy (e.g. Fiddler). Change the post[three] value to <h1 onmouseover="alert(0)">test</h1> and resume the request.
PoC: http://asdfffffffff.tumblr.com/
Saturday, May 8, 2010
Subscribe to:
Post Comments (Atom)
This post is truly informative. Really quality post. In theory I would like to write like this also - taking time and real effort to make a good article. Wildcard SSL
ReplyDeleteTranscutaneous electrical nerve muscle stimulation machines are an effective pain management device that has been developed to help people with all kinds of pain problems. It varies from the management of chronic and enduring pains to short term pains that are more intense and require a remedy that will help reduce the effects of such a pain.
ReplyDeletecruiseshipjobs
Cashmere Pashmina
Malting grain produces enzymes that convert starches in the grain into fermentable sugars. Different roasting times and temperatures are used to produce different colours of malt from the same grain. Darker malts will produce darker beers.
ReplyDeleteon hold players
non profit fundraiser
Can you explain what you mean by the 'post[three]' value please. Thanks!
ReplyDeletecoach outlet store
ReplyDeleteyeezy
salvatore ferragamo belt
nike react flyknit
kyrie 6
golden gooses
golden goose
golden goose
balenciaga shoes
yeezy boost
replica bags in pakistan replica bags vancouver 9a replica bags
ReplyDeleten3x21x5g01 k2d24u1h71 s2n23w0g90 y8b89t8w20 m5f31d2g36 k5r92o9s44
ReplyDeletei6z77m6w42 u0l74x6b80 g0f45c4f37 v1o48z6y66 q8a36q0e47 v2s22i4m74
ReplyDelete