Monday, May 12, 2014

Hacktrick 2014 - Domify - Web Write-up

In this problem the server was using the URL we gave it directly in the onclick event of a hyperlink, which left a great XSS vuln.

The onclick event was something like this:
<a href="#" onclick="someRedirectFunc('1337', 'index.php?click=');">

So I changed the link into this:
http://80.251.47.24/index.php?click=');window.stop();alert('sex

and then the event changed into something bad, very very bad :P :
<a href="#" onclick="someRedirectFunc('1337', 'index.php?click=');window.stop();alert('sex');">

The aim was to make the payload work on as many browsers as possible. Most of the browsers were redirecting before or after the alert, so we put in the 'window.stop();' to stop the redirection. But newer versions of IE have something called 'XSS Filter', which turned every parenthesis in the URL into #. We did not bypass the filter, but learned there is a way to pass that kind of filtering by using data URIs.
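
Added example (not part of the original write-up or the challenge's code): the same anchor rendered the vulnerable way and with output encoding for the JavaScript-string-inside-HTML-attribute context, plus a check that the handler is still a single call. The render and helper function names are assumptions; only someRedirectFunc, index.php?click= and the payload come from the post.

```javascript
// Added example: function names other than someRedirectFunc are hypothetical.
const PAYLOAD = "');window.stop();alert('sex"; // the value from the write-up's URL

// Vulnerable pattern: the parameter is concatenated into a JS string
// that itself sits inside an HTML attribute.
function renderVulnerable(click) {
  return `<a href="#" onclick="someRedirectFunc('1337', 'index.php?click=${click}');">`;
}

// JS string context: every UTF-16 code unit outside [A-Za-z0-9] becomes \uXXXX.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// HTML attribute context: encode the characters that can end or alter the attribute.
function htmlAttrEscape(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Hardened: JS-escape first, then HTML-escape, because the browser HTML-decodes
// the attribute value before handing it to the JavaScript parser.
function renderHardened(click) {
  const arg = htmlAttrEscape(jsStringEscape(click));
  return `<a href="#" onclick="someRedirectFunc('1337', 'index.php?click=${arg}');">`;
}

// Check: after HTML decoding, is the handler still one call whose second
// argument is a single string literal followed only by ");"?
function handlerIsIntact(html) {
  const attr = /onclick="([^"]*)"/.exec(html);
  if (!attr) return false;
  const js = attr[1].replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
  const prefix = "someRedirectFunc('1337', '";
  if (!js.startsWith(prefix)) return false;
  let i = prefix.length;
  while (i < js.length && js[i] !== "'") i += js[i] === "\\" ? 2 : 1; // skip escapes
  return js.slice(i) === "');";
}

console.log(handlerIsIntact(renderVulnerable(PAYLOAD))); // false: string closed early
console.log(handlerIsIntact(renderHardened(PAYLOAD)));   // true: payload stays data
```

URL-encoding the value with encodeURIComponent is not enough here, since it leaves ' ( and ) untouched, which are exactly the characters that close the string and the call.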
