xsssniper

Random seed may result in valid attribute

Open gbrindisi opened this issue 12 years ago • 2 comments

The randomly generated seed for the taint may result in a valid HTML attribute like href, src, etc.

https://github.com/gbrindisi/xsssniper/blob/master/core/payload.py#L14

Must blacklist common attribute names.

gbrindisi avatar Jul 24 '12 10:07 gbrindisi

Wouldn't it be better just to use long enough randoms so that it won't overlap with anything existing?

fgeek avatar Jun 03 '15 17:06 fgeek

Yes, but since I've left the chance to set the seed length to the user, this problem could still occur. If you have better ideas I'd like to hear them!

gbrindisi avatar Jun 04 '15 09:06 gbrindisi
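
One way to combine the two suggestions in this thread (a denylist plus a user-chosen seed length), as an added example that is not xsssniper's own code. The function names, the lowercase alphabet and the denylist contents are assumptions made for illustration; it also treats any `on*` seed as reserved, which goes slightly beyond the attributes named in the issue.

```python
import random
import string

# Assumption: seeds are drawn from lowercase ASCII letters; the real
# alphabet used by xsssniper's payload.py may differ.
ALPHABET = string.ascii_lowercase

# Constructed denylist of common HTML attribute names (not exhaustive).
RESERVED_ATTRS = frozenset({
    "id", "src", "alt", "rel", "dir", "for", "href", "name", "type",
    "lang", "size", "step", "class", "style", "title", "value",
    "width", "height", "action", "method", "target",
})


def is_reserved(seed):
    """True if the seed could be read as a real attribute name."""
    s = seed.lower()
    # "on*" covers event-handler attributes such as onload or onclick.
    return s in RESERVED_ATTRS or s.startswith("on")


def generate_seed(length, rng=None, max_tries=1000):
    """Return a random taint seed of `length` chars that is not reserved."""
    if length < 1:
        raise ValueError("seed length must be at least 1")
    rng = rng or random.SystemRandom()
    for _ in range(max_tries):
        candidate = "".join(rng.choice(ALPHABET) for _ in range(length))
        if not is_reserved(candidate):
            return candidate
    raise RuntimeError("no non-reserved seed found; use a longer length")


def collision_probability(length):
    """Chance that one unfiltered draw of `length` chars is reserved."""
    exact = sum(1 for a in RESERVED_ATTRS if len(a) == length)
    # Every string starting with "on" is reserved: 26**(length-2) of them.
    on_prefixed = len(ALPHABET) ** (length - 2) if length >= 2 else 0
    return (exact + on_prefixed) / len(ALPHABET) ** length
```

Because the filter runs on every draw, the result is safe for any seed length the user picks, while `collision_probability` shows how quickly the unfiltered risk shrinks as the length grows.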