[OWASP-Security101] Help with Proof of Concept - XSS

Mike Rodriguez rodriguezml at gmail.com
Thu Jun 28 03:07:08 UTC 2012


Have you tried a simple:

<script>alert(1)</script>

What are you seeing in the source? Is it encoded in any way?


On Wed, Jun 27, 2012 at 7:49 PM, Patrick Laverty
<patrick_laverty at brown.edu>wrote:

> I've identified a site where I can inject anything into the source,
> like basic text, html tags or images from any other site. I'd like to
> show the owner something a little more scary than that. I tried to add
> in <script type='text/javascript'>alert(1)</script> and that does go
> into the source, but I don't get the alert box to show. I did turn off
> my popup blocker in the browser. I tried most of the suggestions from
> the rsnake cheat sheet too.
>
> Any suggestions on what I could be missing?
>
> Thank you.
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org
>


More information about the Security101 mailing list