XSS in PHP ManualMaker
Luny just came up with a few more obfuscation examples that were successful XSS vectors against PHP ManualMaker. One of them is the double open angle bracket vector that Steven Christey sent me, and the other is using a number of angle brackets and Hex encoding with padding. Pretty slick. Another nice example from Luny.



June 5th, 2006 at 2:47 pm
Yea, Rsnake, I have to thank you for that XSS cheatsheet. You just don’t know how helpful it can be sometimes.
Thanks for putting it up.
June 5th, 2006 at 2:52 pm
My pleasure, Luny, but I’m also not out there finding the vulns anymore. It takes guys like you to prove that this stuff is worthwhile. I am focusing mostly on what is possible, not necessarily what is useful, but it’s good to know it’s ended up being useful for people as well. I just call it how I see it. You’re doing some good work out there! Keep it up!
June 5th, 2006 at 8:32 pm
Ah, I wasn’t aware you don’t search for vulns anymore. However, I enjoy doing this, so I will continue finding them and reporting them. Hopefully as time wears on I will advance in skill like many others.
June 5th, 2006 at 8:37 pm
Well, that’s probably an inaccurate thing to say. I do research vulns, but not in specific applications like you are doing. Not unless I happen to be messing with them for some other reason. Anyway, nice job.