Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Wednesday, August 24, 2016
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 24
Guests Online: 22
Members Online: 2

Registered Members: 95185
Newest Member: popodx
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 21:29
Is there any known way to bypass filter on img form:
Filter add http:// after src=, after that I can add JS, but it doesn't work because of http.
Hope I explain it ok.
Tnx
Author

RE: bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 22:14
I find another way Wink
Author

RE: bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 22:23
Um, I'm not quite sure what you're trying to say...try listing some examples and whatnot.
Author

RE: bypassing xss filter


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-06 23:24
I know this article it is realy useful. I found another option to complete the same thing, but I am still interested in old question (I am not really sure it can even be bypassed).
Example:
I can add for example:
Code

javascript:alert(document.cookie)




into BB img tag (with some variatons). It create output in html:
Code

<img src="http://javascript:alert(document.cookie)">




As you see it add http:// which disable javascript, so I am asking for a way to bypass this.