[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] [Web Security] Double Trap XSS Injections.

From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] [Web Security] Double Trap XSS Injections.
Date: Wed, 21 Mar 2007 16:06:45 +0100 (CET)

On Wed, 21 Mar 2007, Aditya K Sood wrote:

> http://zeroknock.metaeye.org/analysis/dbltrap.xhtml

Maybe I fail to understand this example, but how is this new? Here's an
example of something similar, and it's certainly not the first mention of
this:

http://sla.ckers.org/forum/read.php?13,2033

By the way, "' onLoad=alert(1)" would be a more neat option - no need for
potentially filtered '<' and '>'...

/mz

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] [Web Security] Double Trap XSS Injections.
  - From: Aditya K Sood

References:
- [WEB SECURITY] [Web Security] Double Trap XSS Injections.
  - From: Aditya K Sood

Prev by Date: [WEB SECURITY] ZombieMap - GEO Zombie Mapper
Next by Date: Re: [WEB SECURITY] [Web Security] Double Trap XSS Injections.
Previous by thread: [WEB SECURITY] [Web Security] Double Trap XSS Injections.
Next by thread: Re: [WEB SECURITY] [Web Security] Double Trap XSS Injections.
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site