how to bypass htmlspecialchars function
3,424 views
Skip to first unread message
shaik kaleem
Jan 16, 2014, 12:18:57 PM1/16/14
to null-...@googlegroups.com
Hai how to bypass htmlspecialchats function. in dvwa with security high, all the data in reflected xss scenarios getting sanitized and converting the <> as Lt;gt; could not execute any script. Tried with many payloads. How to bypass this filter.??
Rahul Sasi
Jan 16, 2014, 12:56:10 PM1/16/14
to null-...@googlegroups.com
XSS is possible in scenarios where the user controlled value is inside an html tags which supports events. Also using data:// uri it is possible.
So now if attacker controlls vale inside <body > then he can add an event and execute JS.
<body onload="javascript:alert(1)">
On Thu, Jan 16, 2014 at 10:48 PM, shaik kaleem <kaleems...@gmail.com> wrote:
Hai how to bypass htmlspecialchats function. in dvwa with security high, all the data in reflected xss scenarios getting sanitized and converting the <> as Lt;gt; could not execute any script. Tried with many payloads. How to bypass this filter.??
--
_______________________________________________________________________________
nullcon goa V - spread love... not malware...
12-15th Feb 2014
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages