You may try using the hex code equivalents of the 7-bit ASCII characters
constituting the full or partial injection string, at least for the special
characters like < > /.

For 7-bit ASCII, e.g.:

regular: <script>alert("123")</script>
hex:      %3Cscript%3Ealert%28"123"%29%3C%2Fscript%3E

You may refer to the ASCII character table provided in the wiki link
given by Amar. Also, just for your information, most developers, during
input validation, manage to find the scripts by using either keywords or
filtering special chars. One thing to be noted is that browsers
support various languages. So, if you wish to succeed in implementing a
proof of concept of XSS, then think beyond. Your thoughts?

NOTE: There was a recent advisory that an XSS similar to the above was
possible in Google's Message Center.


Regards
Sandeep Thakur
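
Added example, not part of the original message: a defender's view of why a special-character filter applied to the raw value misses the hex form quoted above, and how validating the canonical (fully percent-decoded) form plus HTML output encoding closes that gap. The function names, the five-round decode limit and the reject-on-malformed policy are assumptions made for illustration.

```javascript
// Added example. SAMPLE_HEX is the string from the message above;
// SAMPLE_DOUBLE is constructed here by encoding it a second time.
const SAMPLE_HEX = '%3Cscript%3Ealert%28"123"%29%3C%2Fscript%3E';
const SAMPLE_DOUBLE = SAMPLE_HEX.replace(/%/g, '%25');

// The special characters the message names: < > /
const MARKUP_CHARS = /[<>\/]/;

// Weak check: looks at the raw value only, so escaped characters pass.
function naiveFilterRejects(raw) {
  return MARKUP_CHARS.test(raw);
}

// Percent-decode until the value stops changing. Returns null for malformed
// escapes or for input nested deeper than maxRounds (strict policy, assumed).
function canonicalize(raw, maxRounds = 5) {
  let current = raw;
  for (let i = 0; i < maxRounds; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(current);
    } catch (err) {
      return null; // URIError: malformed escape such as "%zz"
    }
    if (decoded === current) return current;
    current = decoded;
  }
  return null;
}

// Hardened check: validate the canonical form, never the raw bytes.
function checkInput(raw) {
  const canonical = canonicalize(raw);
  const accepted = canonical !== null && !MARKUP_CHARS.test(canonical);
  return { accepted, canonical };
}

// Output encoding for HTML text context: the control that still holds
// if a filter misses a variant.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

console.log(naiveFilterRejects(SAMPLE_HEX), checkInput(SAMPLE_HEX).accepted);
```
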
