[Full-disclosure] [WEB SECURITY] Useful technique when performing XSS
pdp (architect)
pdp.gnucitizen at googlemail.com
Wed Feb 7 20:14:12 GMT 2007
Amit,
:) This is not about who did it first. BTW, your example is broken.
location.search does not include the fragment identifier.
Cheers
On 2/7/07, Amit Klein <aksecurity at gmail.com> wrote:
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/playing-in-large
> >
> > Basically this article is about how to squeeze more data into a
> > size-restricted, unsanitized field. This technique can also be used to
> > hide an attacker's activities.
> >
> It seems that you've stumbled upon something I already disclosed:
> http://www.webappsec.org/lists/websecurity/archive/2005-10/msg00030.html
>
> Sorry...
> -Amit
>
>
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Full-Disclosure is hosted and sponsored by Secunia.