usefulfor.com/security security dojo

22Feb/080

security quiz: input validation bypass

From The Web Application Hackers Handbook a quick quiz:

An input validation mechanism designed to block cross-site scripting attacks performs the following sequence of steps on an item of input:

1.- strip any <script> expressions that appear
2.- truncate the input to 50 characters
3.- remove any quotation marks within the input
4.- url-decode the input
5.- if any items were deleted, return to step 1

how would you bypass it?

Popularity: 5% [?]

Share and Enjoy:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • Meneame
  • Twitter
Filed under: Webapp security, hack-fu Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment


No trackbacks yet.

« dradis v1.1 is out ITN News Gadget – Script Injection Vulnerability »

Popular Posts

Categories

Archive