var a = '
alert(document.cookie)
Although the original script now contains an error, this does not matter
because the browser moves on and executes your injected script
regardless of the error in the original script.
■■
In the previous two attacks, where you are able to take control of a
script but are prevented from using either single or double quotation
marks because these are being escaped, you can use the
String.fromCharCode trick to construct strings without the need for
delimiters.
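Both cases above, script-block termination and strings built without quotation marks, pass straight through a filter that only escapes quotes. The following JavaScript is an added example, not code from the original text; its function names and sample input are constructed. It compares such a filter with an encoder that hex-escapes every non-alphanumeric character before the value is placed in an inline script string:

```javascript
// Added example; function names and sample input are constructed for illustration.

// Weak filter the passage assumes: backslash-escapes quotation marks only.
function escapeQuotesOnly(input) {
  return input.replace(/(['"])/g, "\\$1");
}

// Hardened encoder for data placed in a JavaScript string literal inside an
// inline <script> block: everything except ASCII letters and digits becomes
// \xHH or \uHHHH, so no quote, backslash, '<' or '/' reaches the page.
function encodeForJsString(input) {
  let out = "";
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    const code = input.charCodeAt(i); // UTF-16 code unit
    if (/[A-Za-z0-9]/.test(ch)) out += ch;
    else if (code < 0x100) out += "\\x" + code.toString(16).padStart(2, "0");
    else out += "\\u" + code.toString(16).padStart(4, "0");
  }
  return out;
}

// The inline script a server would emit around the (filtered) value.
function renderInlineScript(value) {
  return "<script>var a = '" + value + "';</script>";
}

// Simplified model of the HTML parser: a script block ends at the first
// closing tag, whatever the JavaScript inside it looks like.
function scriptBlocks(html) {
  return [...html.matchAll(/<script>([\s\S]*?)<\/script>/gi)].map((m) => m[1]);
}

// Constructed test input: contains no quotation marks at all.
const SAMPLE = "</script><script>String.fromCharCode(88,83,83)</script>";

const weak = scriptBlocks(renderInlineScript(escapeQuotesOnly(SAMPLE)));
const hardened = scriptBlocks(renderInlineScript(encodeForJsString(SAMPLE)));
console.log("quote escaping only:", weak.length, "script blocks", weak);
console.log("full encoding:      ", hardened.length, "script block", hardened);
```

With quote escaping alone the parser model sees two script blocks, the broken original and the second one; with full encoding it sees one block whose string literal decodes back to the input.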
Chapter 12 ■ Attacking Other Users
TIP
In several of the filter bypasses described, the attack results in HTML that