Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: 5 char XSS?
Apr 29 2008 06:25AM
kuza55 (kuza55 gmail com)
While this doesn't seem to apply to this particular bug, usually if
you have a short unfiltered injection then your best bet is to look
for a filtered injection later in the page and do a fragmentation
attack in 5 chars like this: (the </b=" is your unfiltered injection;
if they use " for quotes, yo...
[ more ]
Copyright 2010, SecurityFocus