Page 83 - Hands-On Bug Hunting for Penetration Testers
Chapter 4: Unsanitized Data – An XSS Case Study
The filter undoubtedly has some holes in it, but it does function at the most basic level by stripping out the <script> tags. Going through the XSS snippet lists in our copy of the SecLists repository, we find another one to try, choosing one whose HTML tag is likely to be permitted in a form input meant to allow formatting markup:

<a onmouseover="alert(document.cookie)">xss link</a>

document.cookie gives a glimpse of our proposed attack scenario and is a simple piece of data to surface via alert():
Going through the submission process again, we receive a different response. Success! Our
strategy, using a boring formatting tag to Trojan-horse a malicious payload contained in its
attribute, worked, and we now have a confirmed vulnerability to report:
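The bypass above works because the filter is a blacklist: it removes <script> but leaves event-handler attributes on otherwise harmless tags. The following is an added illustration (not the book's code) contrasting that kind of filter with an allowlist sanitizer that keeps only known tags and attributes; the tag/attribute allowlist and the sample payloads are constructed for the demonstration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample inputs for the demonstration (not from a live target).
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
EVENT_PAYLOAD = '<a onmouseover="alert(document.cookie)">xss link</a>'


def naive_filter(text: str) -> str:
    """Blacklist filter of the kind the case study defeats: strips <script> tags only."""
    return re.sub(r"</?script[^>]*>", "", text, flags=re.IGNORECASE)


# Assumed allowlist for a "formatting only" field: tag -> permitted attributes.
ALLOWED = {"a": {"href"}, "b": set(), "i": set()}
SAFE_SCHEMES = ("http://", "https://", "/")


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the markup, keeping only allowlisted tags and attributes.
    on* event handlers are never in the allowlist, so <a onmouseover=...>
    is reduced to a bare <a>; unknown tags are dropped but their text is kept."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            # Only permitted attributes with a safe scheme survive (blocks javascript: URLs).
            if name in ALLOWED[tag] and value.lower().startswith(SAFE_SCHEMES):
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always entity-encoded


def sanitize(text: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)
```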