Taras,
On Mon, Sep 17, 2012 at 5:36 PM, Taras wrote:
> Andres,
>
> Hi!
>
> There is nothing new in this post. The author have found that ok, we can use
> back slash to escape single quote...
Yep, I know its nothing new, but just wanted to know if it was covered
by your code,
> But we can add ba
Andres,
Hi!
There is nothing new in this post. The author have found that ok, we can
use back slash to escape single quote...
But we can add back slash as context breaker symbol for quoted strings
in JS context.
> Have you seen this? [0] Do you think it would be a good idea to
> have cove
LOL, [0] is a nice example why blacklist are no good for data validation
even worse in this example is that it trys data sanitation.
So a fuzzer (like w3af) should test each character for it's own. In this case
checking " ' ` \ would be sufficient. A more sophisticated test would also try
(URL-cod
Taras,
How're you doing? I hope things are well,
Have you seen this? [0] Do you think it would be a good idea to
have coverage/contexts for it?
[0]
http://nileshkumar83.blogspot.com.ar/2012/05/bypassing-xss-filter-in-alert-msg-box_18.html
Regards,
--
Andrés Riancho
Project Leader at w