Wednesday, May 23, 2012

Bypassing striphtmlchars()

SaMTHG
Member

Posts: 145
Location:
Joined: 27.03.08
Rank:
God
Posted on 07-09-08 20:29
Basically I was wondering if anyone knows how to properly bypass this. I know that if I encode the HTML tag (<script>;) into:
Decimal NCRs: *script
Hexadecimal NCRs: <script>
And probably more like UTF-7/8 or something, but when I try stuff like (Decimal NCRs - "><script>alert(1)</script>;):
"*scriptalert(1)*/script
On the site it allows it to be added but the alert isn't there (it will say something like: No results found for "><script>alert(1)</script>;). So if anyone could help me out that would be great.
Edit: "Decimal NCRs:" = <script> encoded in decimal NCRs; same with "Hexadecimal NCRs:". Where it says (Decimal NCRs - "><script>alert(1)</script>;): it means "><script>alert(1)</script> encoded in decimal NCRs; that's where it says "*scriptalert(1)*/script (to avoid XSS on the forum).
Sorry for being such a twat/moron/imbecile/retard/spaz, I wasn't thinking :( *I hang my head in shame* P.S. a place to convert them: http://rishida.net/scripts/uniview/conversion.php Once again sorry
Thanks
SaMTHG:)




There's no place on earth where there can be too much logic whatever form it's in.©
I rented a huge book from the library about mouth diseases-the colours were beautiful©[big]hello[/big]
http://www.black-zero.com
Sweet sig K_I_N_G thanks:D
This is like virtual life just without the sword's and helmet's.©

Edited by SaMTHG on 07-09-08 20:56
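
Why the NCR-encoded string is accepted and then displayed as text rather than executed, as an added example that is not part of the thread: numeric character references decode to characters inside a text node, never to markup. `strip_tags` is a hypothetical stand-in for the site's filter, the sample input is constructed from the post's test string, and the third renderer shows the ordering a filter has to avoid (decoding after filtering).

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: the test string from the post, written as decimal NCRs.
PLAIN = '"><script>alert(1)</script>'
NCR = "".join(f"&#{ord(c)};" for c in PLAIN)

def strip_tags(value):
    """Hypothetical stand-in for the site's filter: remove anything tag-shaped."""
    return re.sub(r"<[^>]*>", "", value)

class Outline(HTMLParser):
    """Records which elements and which text an HTML parser sees in a body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def parse(body):
    """Return (element names, concatenated text) as a parser would see them."""
    p = Outline()
    p.feed(body)
    p.close()
    return p.tags, "".join(p.text)

def reflect_raw(query):
    """Filter, then reflect as-is: NCRs reach the browser still encoded."""
    return "<p>No results found for " + strip_tags(query) + "</p>"

def reflect_escaped(query):
    """Filter, then HTML-escape at the point of output: the recommended form."""
    return "<p>No results found for " + html.escape(strip_tags(query)) + "</p>"

def reflect_decoded(query):
    """Order to avoid: references are decoded after the filter has already run."""
    return "<p>No results found for " + html.unescape(strip_tags(query)) + "</p>"

if __name__ == "__main__":
    for render in (reflect_raw, reflect_escaped, reflect_decoded):
        print(render.__name__, parse(render(NCR)))
```

The first two renderers produce a page whose only element is `<p>`; the search term survives purely as text, which matches the "No results found for ..." behaviour described in the post.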

RE: Bypassing striphtmlchars()

spyware
Member



Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 07-09-08 20:34
Can't understand a thing you're trying to say. Also; smileys.




"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net

RE: Bypassing striphtmlchars()

SaMTHG
Member

Posts: 145
Location:
Joined: 27.03.08
Rank:
God
Posted on 07-09-08 20:49
Sorry I didn't think. HBH filters decoded the encoded script




RE: Bypassing striphtmlchars()

Night_Stalker
Member

Posts: 329
Location:
Joined: 01.02.07
Rank:
Elite
Warn Level: 10
Posted on 07-09-08 20:50
SaMTHG wrote:
Basically I was wondering if anyone knows how to properly bypass this. I know that if I encode the HTML tag (<script>;) into:
Decimal NCRs: *script
Hexadecimal NCRs: <script>
And probably more like UTF-7/8 or something, but when I try stuff like (Decimal NCRs - "><script>alert(1)</script>;):
"*scriptalert(1)*/script
On the site it allows it to be added but the alert isn't there (it will say something like: No results found for "><script>alert(1)</script>;). So if anyone could help me out that would be great.
Thanks
SaMTHG:)


Only incompetent fools put smilies inside their scripts, and end their posts with their name even though it is included in their sig...

EDIT: Wait, I was thinking you were yous3lf, I was going to come to congratulate you on another worthless post, but then realized you aren't him... But the smiles do make it look like a foolish, incompetent homosexual posted it...




Edited by Night_Stalker on 07-09-08 21:00

RE: Bypassing striphtmlchars()

Zephyr_Pure
Member



Posts: 2402
Location:
Joined: 15.09.06
Rank:
God
Posted on 07-09-08 23:00
Night_Stalker wrote:
Only incompetent fools put smilies inside their scripts, and end their posts with their name even though it is included in their sig...

EDIT: Wait, I was thinking you were yous3lf, I was going to come to congratulate you on another worthless post, but then realized you aren't him... But the smiles do make it look like a foolish, incompetent homosexual posted it...


Okay, okay, a simple "disable your smilies when you post code" would've sufficed. It's not like you have any grounds to judge anyone else here, anyways.


I still check PMs from time to time.




Our responses were moronic, why shouldn't he follow suit? - Futility
© HellBound Hackers 2008- 2009. Since 3rd December 2004.