I'm testing a web application, when I send an input data to web application, this places the data in an onclick function, something like this: link
But, the web application transforms that data from lowercase to uppercase, then if I replace dataFromServer for ','0');alert('XSS');someFunction(', I have the following result: link
So, my XSS exploit doesn't work, because, the browser says "ALERT is undefined", I have tested on Firefox and IE.
Is there some way to execute a XSS in this case?
http://dlvr.it/S13616
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment