Here??™s an example:
x onclick=alert(1)
This example shows that user-supplied strings can be placed anywhere in HTTP
responses. The list of possibilities is seemingly endless.
If you can perform HTML injection on any of the preceding instances, then the HTML
injection can be used for XSS anywhere on that domain. You can inject JavaScript into web
applications in many different ways. If your attempts ever result in corrupting the format of
the page, such as truncating the page or displaying script other than what you injected, you
have probably found an XSS that needs a little more polishing before it will work.
Re?¬‚ ected HTML Injection in Redirectors
Another great place for HTML injection is in redirectors. Some redirectors allow the user
to redirect to any URL. Unfortunately, javascript:alert(1) is a valid URL. Many
redirectors parse the URL to determine whether it is safe to redirect to. These parsers and
their programmers are not always the smartest, so URLs like this
javascript://www.anywhere.com/%0dalert(1)
and this
javascript://http://www.trustedsite.com/trustedDirectory/%0dalert(1)
may be accepted. In these examples, any string can be placed between the double slash
JavaScript comment (//) and the URL encoded new line (%0d).
Pages:
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116