Re: [WEB SECURITY] [Web Security] Double Trap XSS Injections.

[Aditya K Sood <zeroknock@xxxxxxxxxxx>]

Michal Zalewski wrote:
> On Wed, 21 Mar 2007, Aditya K Sood wrote:
>
>   
> > http://zeroknock.metaeye.org/analysis/dbltrap.xhtml
> >     
>
> Maybe I fail to understand this example, but how is this new? Here's an
> example of something similar, and it's certainly not the first mention of
> this:
>
> http://sla.ckers.org/forum/read.php?13,2033
>
> By the way, "' onLoad=alert(1)" would be a more neat option - no need for
> potentially filtered '<' and '>'...
>
> /mz
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS: 
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
>   
hi michael

                      Its all about double trapping. Well it occurs on 
ha.ckers.org official
website and  have undertaken reported this issue.It has already been 
patched.
Mainly we talk about single type XSS atuff but not exactly double trapping.

This is all.

Regards
Zeroknock

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]