Programming Forums
User Name Password Register
 

RSS Feed
FORUM INDEX | TODAY'S POSTS | UNANSWERED THREADS | ADVANCED SEARCH

Reply
 
Thread Tools Display Modes
Old May 3rd, 2008, 5:23 AM   #1
kruptof
Professional Programmer
 
kruptof's Avatar
 
Join Date: May 2006
Location: UK - London
Posts: 327
Rep Power: 3 kruptof is on a distinguished road
tinyurl with query string?
I am giving a demonstration on a Cross Site Scripting (Only to lecture). I am thinking of show a live exploit. I managed to find the vulnerability but my attack string is too long, the problem is with my domain it's too long. I tried tinyurl but they don't support the query string. Is there a service like tinyurl which allows you to use the query string.

This is nothing malicious and it's the requirement of the work to have a demonstration in the presentation.
__________________
Quote:
When I was young it seemed that life was so wonderful,a miracle, oh it was beautiful, magical.
Now watch what you say or they'll be calling you a radical,a liberal, oh fanatical, criminal. Oh won't you sign up your name,we'd like to feel you're acceptable, respectable, oh presentable, a vegetable
kruptof is offline   Reply With Quote
Old May 3rd, 2008, 6:15 AM   #2
MiKuS
Programmer
 
Join Date: Jun 2007
Posts: 88
Rep Power: 2 MiKuS is on a distinguished road
Re: tinyurl with query string?
tiny url works like, it loads up the url using a rest technique http://tinyurl.com/2tx that 2tx is a uid in the tiny url database which pulls up whatever domain you fed to it (in the examples case, google.com) passing a perimeter to tinyurl itself will cause tinyurls server to discard what you send it see my example:

appending search?hl=en&q=cross+site+scripting&btnG=Search&meta= to my tiny url:
http://tinyurl.com/2tx/search?hl=en&...G=Search&meta=

but appending this same string to google's domain when i first entered 'google.com' would have avoided this
tinyurls server is not expecting this information and has no instructions to act on.

your domain is safe from your said cross site scripting attack, if i'm not mistaken.
Last edited by MiKuS; May 3rd, 2008 at 6:16 AM. Reason: fixed url
MiKuS is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread in Forum | Next Thread in Forum »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
An Attempt at a DBMS grimpirate PHP 8 Apr 17th, 2007 1:01 PM
Throwing an exception when using string constructor csrocker101 C# 3 Apr 8th, 2007 2:04 PM
Help with breaking apart a string csrocker101 C# 6 Apr 6th, 2007 7:50 AM
Function Parameters grimpirate PHP 10 Mar 14th, 2007 6:55 PM
Query String not being read aznluvsmc Perl 1 Oct 28th, 2005 5:36 PM


Contact Us - DaniWeb IT Discussion Community - Privacy Statement - Top


DaniWeb IT Discussion Community
All times are GMT -5. The time now is 4:54 AM.

Powered by vBulletin® Version 3.7.0, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2007 DaniWeb® LLC