Lab, Web Security

XSSing with PHP ROT13 decoding

Hello everyone,

I m trying to write a tool for encode / decode in this days. PHP has many function to encode / decode such as rot13.

Here is the example code for rot13 encrypt decrypt function.

What will be output?

Ok. This is normal process for ROT13. Lets think bigger for XSS.

Lets inject

as a string.

What happen in source code?

is the encrypted text. Lets inject this code to decrypt.

Bingo bro xD

Ok this is first step for this blogpost. By getting this logic , i searched some website for ROT 13 decoder which is written PHP or JavaScript DOM.

First Found with PHP function

Second found:

(This is not written in PHP , coded with JavaScript). But output can escape in DOM element.

Output is embeded in textarea markup. Lets try to escape our output.

Ok we got it. Time to prepare vector.

script tag is not work for this site. Just use event handlers with agnostic markup like xml tag.

Thanks for reading

Previous Post Next Post

You Might Also Like

No Comments

Leave a Reply