String.fromCharCode output


Álvaro

Nov 11, 2010, 12:50:38 PM
to HackBar
I would like to propose an enhancement for this wonderful tool.

While doing a pentest, I have found that sometimes when you try to use
String.fromCharCode() in an XSS, the system escapes blank spaces, so I
thought that it would be better to suppress them because as far as I
know, they are not necessary.

That is my personal opinion and I would like to know what you think
about it.


Álvaro

Pedro Laguna

Nov 11, 2010, 3:07:02 PM
to hac...@googlegroups.com
Hi Alvaro,

Thanks for the comment but I prefer to keep this function with this
behaviour. This is because Hackbar is designed not to make attacks easy
but to make web sites easy to test. And leaving a space between the
codes makes the URL easier to read.

But if you want to remove spaces you have an option in the "Other"
menu that will strip them :)

Cheers,
Pedro Laguna
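
An added example, not part of the thread and not HackBar code: the spaced and unspaced outputs discussed above are the same JavaScript, so a log-review or filter rule that looks for String.fromCharCode has to decode both, including the case where the space was URL-escaped. All function names and sample inputs here are constructed for illustration.

```javascript
// Added example: constructed names and sample inputs, not HackBar code.
// Matches String.fromCharCode(...) with optional whitespace between tokens;
// arguments may be decimal or 0x-prefixed hex.
const NUM = "(?:0[xX][0-9a-fA-F]+|\\d+)";
const FROM_CHAR_CODE = new RegExp(
  "String\\s*\\.\\s*fromCharCode\\s*\\(\\s*(" + NUM + "(?:\\s*,\\s*" + NUM + ")*)\\s*\\)",
  "g"
);

// Undo URL encoding first: a logged space may appear as %20 or as +
// (query-string convention).
function safeDecode(value) {
  try {
    return decodeURIComponent(value.replace(/\+/g, " "));
  } catch (e) {
    return value; // malformed percent-encoding: fall back to the raw value
  }
}

// Turn the numeric arguments of one matched call into the string they build.
function decodeArgs(argList) {
  const codes = argList.split(",").map((c) => Number(c.trim()));
  return String.fromCharCode(...codes);
}

// List every call found in a logged value together with its decoded text.
function decodeCharCodeCalls(rawValue) {
  const text = safeDecode(rawValue);
  return Array.from(text.matchAll(FROM_CHAR_CODE), (m) => ({
    call: m[0],
    decoded: decodeArgs(m[1]),
  }));
}

// Replace each call with the quoted literal it evaluates to, so later
// rules see one canonical form whatever the spacing was.
function normalize(rawValue) {
  return safeDecode(rawValue).replace(FROM_CHAR_CODE, (_, args) =>
    JSON.stringify(decodeArgs(args))
  );
}

// Constructed samples: the same test string with and without spaces.
const SAMPLES = [
  "alert(String.fromCharCode(88, 83, 83))",
  "alert(String.fromCharCode(88,83,83))",
  "alert(String.fromCharCode(88,%2083,%2083))",
];
for (const s of SAMPLES) console.log(normalize(s));
```
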
