jadecook wrote: Alright, say for instance I am hacking a form. Not just any form, an email form! Fill out name, email, etc., and after pressing submit it says, "Thank you NAME!". So I think to myself, hmmm and type in "<b>NAME</b>" in the name field then press submit. Then it comes out "Thank you NAME!". So now I try "<script>alert("hello");</script>" in the name field and press submit but nothing shows up! I check the source and you can see in the source it says "<script>alert("hello");</script>".
Why is this?
weekend hacker wrote: Also, if this is an email script, one other thing to look at besides XSS would be injecting newlines. Look up what email headers look like, find out if perhaps you can alter them and maybe say... send an email to 100 people instead of just 1.
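
Added example, not part of the thread or either poster's code: how a contact-form handler can treat the two fields discussed above, rejecting CR/LF in anything that ends up in an email header and HTML-escaping the name before it is echoed in the "Thank you" line. The function names, the form field names and the fixed recipient contact@example.com are assumptions made for the illustration.

```python
import html
import re
from email.message import EmailMessage

# Any control character (CR, LF, NUL, ...) in a header-bound field is rejected.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately strict single-address pattern (assumption: one sender per form).
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

SITE_RECIPIENT = "contact@example.com"  # assumed fixed recipient, never user-supplied


def clean_header_value(field, value, max_len=200):
    """Return value unchanged if it is safe for one header line, else raise."""
    if _CONTROL.search(value):
        raise ValueError(f"{field}: control character in header value")
    if not value or len(value) > max_len:
        raise ValueError(f"{field}: empty or too long")
    return value


def build_contact_email(name, email, body):
    """Build the outgoing message from form fields (hypothetical field names)."""
    name = clean_header_value("name", name)
    email = clean_header_value("email", email)
    if not _ADDRESS.fullmatch(email):
        raise ValueError("email: not a single plain address")
    msg = EmailMessage()
    msg["To"] = SITE_RECIPIENT
    msg["From"] = SITE_RECIPIENT   # send as the site, not as the visitor
    msg["Reply-To"] = email
    msg["Subject"] = f"Contact form: {name}"
    msg.set_content(body)          # the body is not a header, newlines are fine
    return msg


def thank_you_html(name):
    """Render the confirmation line with the name HTML-escaped."""
    return f"<p>Thank you {html.escape(name)}!</p>"
```

Validation happens before any header is assigned, so a rejected submission never reaches the mail library or the SMTP server.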