usefulfor.com/security

From The Web Application Hackers Handbook a quick quiz:

An input validation mechanism designed to block cross-site scripting attacks performs the following sequence of steps on an item of input:

1.- strip any <script> expressions that appear
2.- truncate the input to 50 characters
3.- remove any quotation marks within the input
4.- url-decode the input
5.- if any items were deleted, return to step 1

how would you bypass it?

This entry was posted on Friday, February 22nd, 2008 at 3:59 am and is filed under Webapp security, hack-fu. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.