XSS Filters: Beating Length Limits Using Shortened Payloads
The example uses a version of the "Magical Code Injection Rainbow" taken from OWASP’s Broken Web Application Project. Find out how to download, install and use this project.
Using the XSS vulnerability on the target site, the attacker's payload can be executed using:
This can be shortened further to:
We have used example.com to demonstrate the basic mechanics of this technique.
The full payload is stored in the window.name property by a page under the attacker's control; the only thing that has to fit through the target's length-limited filter is a short stub that reads and executes it.
window.name is not reset when the browsing context navigates to a new document, so if the victim follows a link from the attacker's page to the vulnerable site in the same tab, the payload is still readable via window.name there. Note that current versions of Chrome, Firefox and Safari clear window.name on cross-site top-level navigations, so this same-tab variant no longer works against up-to-date browsers.
In practice, the technique is more reliably exploited with a hidden iframe: the attacker's page creates an iframe whose name attribute carries the payload and whose src points at the vulnerable page on the target site (or sets the payload first and then navigates the iframe there). Inside the frame, window.name returns the frame's name, which the embedding page controls, so the short stub picks up the payload. This only works if the target page can be framed at all; an X-Frame-Options header or a CSP frame-ancestors directive on the vulnerable page blocks it.