New hacker tag added...
1 view
Skip to first unread message
Gareth
Dec 16, 2008, 10:35:59 AM12/16/08
to Hackvertor
Based on the research of Matt Presson and ascetik I've created a new
tag which converts strings into non-english equivalents and in some
circumstances they will be truncated and execute XSS. Details on this
can be found here:-
http://coding-insecurity.blogspot.com/2008/10/executing-scripts-with-non-english.html
and
http://pentesterconfessions.blogspot.com/2008/10/why-not-to-use-blacklists.html
A sample of the tag can be viewed here:-
<http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php?
input=PEBhc2NldGlrXzAoMSk
%2BPDxAL2FzY2V0aWtfMD5zY3JpcHQ8QGFzY2V0aWtfMSgxKT4%2BPEAvYXNjZXRpa18xPmFsZXJ0KDEpOzxAYXNjZXRpa18yKDEpPjw8QC9hc2NldGlrXzI
%2BL3NjcmlwdDxAYXNjZXRpa18zKDEpPj48QC9hc2NldGlrXzM%2B>
The param contains the character to create from 1 to 256
tag which converts strings into non-english equivalents and in some
circumstances they will be truncated and execute XSS. Details on this
can be found here:-
http://coding-insecurity.blogspot.com/2008/10/executing-scripts-with-non-english.html
and
http://pentesterconfessions.blogspot.com/2008/10/why-not-to-use-blacklists.html
A sample of the tag can be viewed here:-
<http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php?
input=PEBhc2NldGlrXzAoMSk
%2BPDxAL2FzY2V0aWtfMD5zY3JpcHQ8QGFzY2V0aWtfMSgxKT4%2BPEAvYXNjZXRpa18xPmFsZXJ0KDEpOzxAYXNjZXRpa18yKDEpPjw8QC9hc2NldGlrXzI
%2BL3NjcmlwdDxAYXNjZXRpa18zKDEpPj48QC9hc2NldGlrXzM%2B>
The param contains the character to create from 1 to 256
Reply all
Reply to author
Forward
0 new messages