Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 11
Guests Online: 11
Members Online: 0

Registered Members: 82910
Newest Member: toni7
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 21:29
Is there any known way to bypass filter on img form:
Filter add http:// after src=, after that I can add JS, but it doesn't work because of http.
Hope I explain it ok.
Tnx
Author

RE: bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 22:14
I find another way Wink
Author

RE: bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 22:23
Um, I'm not quite sure what you're trying to say...try listing some examples and whatnot.
Author

RE: bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 23:24
I know this article it is realy useful. I found another option to complete the same thing, but I am still interested in old question (I am not really sure it can even be bypassed).
Example:
I can add for example:
Code

javascript:alert(document.cookie)




into BB img tag (with some variatons). It create output in html:
Code

<img src="http://javascript:alert(document.cookie)">




As you see it add http:// which disable javascript, so I am asking for a way to bypass this.