Is there a way to bypass escape function in javascript?

Question

Is there a way to bypass escape function in javascript for exploiting a XSS vulnerability ?

What do you mean by ‘bypassing escape function in JavaScript’? — Gumbo, Nov 29 '11 at 08:58
If you're asking if there's a way to make the escape() function behave differently from how it is intended then this would likely amount of a browser specific vulnerability — Andy Smith, Nov 29 '11 at 09:49
I don't think you understand what an XSS vulnerability is. Its not a problem with JavaScript, its a problem with the server side code. (Except for dom based xss, but whatever.) — rook, Nov 29 '11 at 18:34

score 2 · Answer 1 · answered Nov 29 '11 at 18:36

Sure, lets say you have the following PHP code that is vulnerable to XSS:

<?php
print "<script>var t=escape('".$_GET['t']."')</script>";
?>

You can supply this file with the following XSS Prof of Concept to get an alert window:

http://localhost/xss.php?t=');alert('xss');//

Chris Dale · Answer 2 · 2011-12-01T15:24:57.097

1

If you need to override the escape function for whatever reason (I am assuming an already persistent XSS?) I am pretty sure you can override it by creating an anonymious function similar to this:

(function() {
   window.escape = function() {
      return true;
  };
})();

If however you are looking for general bypassing XSS filters I recommend reading and trying this XSS cheat sheet: http://ha.ckers.org/xss.html

edited Dec 01 '11 at 15:24

answered Nov 29 '11 at 14:41

Chris Dale

16,119
10
56
97

`window.escape = encodeURIComponent;` – Mike Samuel Dec 27 '11 at 18:52

Is there a way to bypass escape function in javascript?

2 Answers2