Ok now we are going to learn about some good techniqes. I have came across many
sites where 'Magic Quotes' is on and therfore rendering some commands useless. Fear not, i have come up with a way using char codes (Decimals), to convert char code to Ascii. The functions to turn CharCodes (Decimals) into ASCII, you can find a complete table here
http://www.asciitable.com/
http://easycalculation.com/
This will help you write what you want, In my examples ill be writing "HOC" this is the following code
72 79 67
Ok now we got the Decimal value of our string, we need to know what function in javascript converts this.
String.fromCharCode()
is suitable for this kinda things, its easy to setup, im gona give it my args below.
String.fromCharCode(72, 79, 67)
Ok now "String.fromCharCode(72, 79, 67)" Is a JAVA (ASCII) way of saying "HOC".
And to use this with alerts etc, you dont need to use quotes, as it acts as a variable.
<script>alert(String.fromCharCode(72, 79, 67))</script>
For More Script Coding Of XSS Visit
http://ha.ckers.org/xss.html
Source:http://ha.ckers.org
No comments:
Post a Comment