Author Topic: XSS  (Read 4412 times)
lovewadhwa
XSS
« on: July 26, 2007, 04:49:41 AM »

Hi all,
I am receiving the following in my access logs if I run a scanner indicating that the XSS test has been successful.

%A7%A2%BE%BC%F3%E3%F2%E9%F0%F4%BE%E1%EC%E5%F2%F4%A8%A7XSS%20Test%20Successful%A7%A9%BC%AF%F3%E3%F2%E9%F0%F4%BE

I could not get the conversion of it, although I have consulted many conversion tables. Normally, for XSS to be successful we have to use either "script" or "<" or ">" and many more. But I am not getting the conversion of the above to these characters. So I need to know what exactly this is getting converted to and how it has resulted in XSS.

jimbob
Guest
« Reply #1 on: July 26, 2007, 07:51:10 AM »

Hi,
Just to clarify, can you confirm you're running a tool to test for XSS on your site and see a JavaScript popup box? What tool are you running and on what web server?

The encoding looks strange; it's clearly not all ASCII-7, and eight-bit ASCII just shows garbage. Perhaps the tool is sending Unicode and this is mangling the web server access logs.

Jim

lovewadhwa
« Reply #2 on: August 02, 2007, 06:36:38 AM »

Hi,
I do have to prevent XSS, but I don't have any idea what exactly character set encoding has to do with this. If I filter some special characters, then I believe that would be a solution for XSS. But then where does this encoding specification come into play, and what exactly does it mean? Moreover, if I filter the special characters by converting them to their hex equivalents, then I believe XSS could even be launched from hex equivalents. Please provide me with good information explaining the whole business. This is getting confusing. I read the article at
http://www.cert.org/tech_tips/malicious_code_mitigation.html
but it seems to be confusing regarding charset encoding and all that. Please help.

Craig
« Reply #3 on: August 02, 2007, 08:02:56 PM »

lovewadhwa,

I have no idea what encoding this is using (don't know much about the different character encodings), but each hex value is 128 bytes above the normal ASCII values. This is interesting because ASCII values range from values 0-127. Subtracting 128 from each encoded value and converting it to ASCII gives you:

'"><script>alert('XSS Test Successful')</script>

Which is a pretty standard XSS test string. Whatever encoding it is using, it's probably not supported by most Web applications, so unless you are using some special encoding it probably isn't working (it depends though).

Like jimbob said, it's not ASCII-7 or regular ASCII. It also doesn't appear to be UTF-8 or Unicode. If you could tell us if this string actually produces a pop-up box, and if so, what type of Web application/database you are using, it would help.
« Last Edit: August 02, 2007, 08:14:33 PM by heffnercj »
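
Added example, not part of any post in this thread: the subtract-128 decoding described in the reply above, applied to the logged value and paired with a check a log reviewer could run to spot markup that only appears once the high bit is cleared. The marker pattern and the names `fold_to_7bit` and `analyse` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Value from the first post's access log, with its three wrapped lines joined.
LOGGED = ("%A7%A2%BE%BC%F3%E3%F2%E9%F0%F4%BE%E1%EC%E5%F2%F4%A8%A7"
          "XSS%20Test%20Successful%A7%A9%BC%AF%F3%E3%F2%E9%F0%F4%BE")

# Illustrative markers only (an assumption), not a complete XSS signature set.
MARKERS = re.compile(r"<\s*/?\s*script|\bon\w+\s*=|javascript:", re.IGNORECASE)

def fold_to_7bit(raw: bytes) -> str:
    """Clear bit 7 of each byte: bytes >= 0x80 drop by 128, others are unchanged."""
    return bytes(b & 0x7F for b in raw).decode("ascii")

def analyse(value: str) -> dict:
    """Percent-decode a logged value and match it both as-is and 7-bit folded."""
    raw = unquote_to_bytes(value)
    as_logged = raw.decode("latin-1")   # one character per byte, no folding
    folded = fold_to_7bit(raw)
    hit_plain = bool(MARKERS.search(as_logged))
    hit_folded = bool(MARKERS.search(folded))
    return {
        "high_bit_bytes": sum(b >= 0x80 for b in raw),
        "folded": folded,
        "match_as_logged": hit_plain,
        "match_folded": hit_folded,
        # Markup that appears only after folding was hidden by the high bit.
        "high_bit_obfuscated": hit_folded and not hit_plain,
    }

if __name__ == "__main__":
    for key, val in analyse(LOGGED).items():
        print(f"{key}: {val}")
```

A match after folding shows what the scanner sent, not that the application rendered it as script.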

lovewadhwa
« Reply #4 on: August 07, 2007, 12:04:44 AM »

Hi,
Thanks a lot for your assistance. It isn't producing any pop-up box.

What I need to know is how the encoding specification in HTML coding helps prevent these attacks. I mean, I have been reading articles on the same, and they say that specifying the character encoding helps prevent XSS since it helps in determining special characters. Now I am not getting this. Please explain how that happens and how the charset encoding specification helps prevent XSS.