Programming Forums

Programming Forums (http://www.programmingforums.org/forumindex.php)
-   Coder's Corner Lounge (http://www.programmingforums.org/forum11.html)
-   -   tinyurl with query string? (http://www.programmingforums.org/showthread.php?t=15756)

kruptof May 3rd, 2008 6:23 AM
tinyurl with query string?
 
I am giving a demonstration on a Cross Site Scripting (Only to lecture). I am thinking of show a live exploit. I managed to find the vulnerability but my attack string is too long, the problem is with my domain it's too long. I tried tinyurl but they don't support the query string. Is there a service like tinyurl which allows you to use the query string.

This is nothing malicious and it's the requirement of the work to have a demonstration in the presentation.

MiKuS May 3rd, 2008 7:15 AM
Re: tinyurl with query string?
 
tiny url works like, it loads up the url using a rest technique http://tinyurl.com/2tx that 2tx is a uid in the tiny url database which pulls up whatever domain you fed to it (in the examples case, google.com) passing a perimeter to tinyurl itself will cause tinyurls server to discard what you send it see my example:

appending search?hl=en&q=cross+site+scripting&btnG=Search&meta= to my tiny url:
http://tinyurl.com/2tx/search?hl=en&...G=Search&meta=

but appending this same string to google's domain when i first entered 'google.com' would have avoided this
tinyurls server is not expecting this information and has no instructions to act on.

your domain is safe from your said cross site scripting attack, if i'm not mistaken.


All times are GMT -5. The time now is 4:19 AM.

Powered by vBulletin® Version 3.7.0, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2007 DaniWeb® LLC