Bypass XSS filters (Paper)

EDB-ID:

15446

CVE:

N/A


Author:

k3nz0

Type:

papers


Platform:

Multiple

Date:

2010-11-06


#############################################
#Title : XSS, how to bypass filters         #
#Author : k3nz0                             #
#Contact : o9p@hotmail.fr                   #
#Category : Papers                          #
#Website : k3nz0.com                        #
#############################################
#################Tunisian####################
##################Hacker#####################
#############################################

This lessons is devided into 3 parts : 
[1] Introduction
[2] Types of filters
[3] Conclusion

[1] Introduction : 
Nowadays, most of "securised" websites, make filters to don't allow cross site scripting "injections", however, we can bypass
these filters by using the methods shown below :) 

[2] Types of filters : 
We will learn, how to bypass these xss filters :
  [+]Bypass magic_quotes_gpc (if it's on )
  [+]Bypass with cryption in full html
  [+]Bypass with Obfuscation
  [+]Bypass with trying around method

############################################
[+]Bypass magic_quotes_gpc

When magic_quotes_gpc is on, it means that the server doesn't allow, ", / and ' (it depends)
to bypass it we use : 
String.fromCharCode()
We write our code, in the () crypted in ASCII
exemple : 
        String.fromCharCode(107, 51, 110, 122, 48)
(Here I crypted k3nz0 in ascii : 107, 51, 110, 122, 48
And we use it : 
<script>String.fromCharCode(107, 51, 110, 122, 48)</script>
We will see : k3nz0 
We bypassed magic_quotes_gpc :) 

#############################################

[+] Bypass with cryption in full html : 

Very simple, we have to encode our code in full HTTP!
Our code : <script>alert('i am here')</script>
And in full HTTP : 
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%69%20%61%6D%20%68%65%72%65%27%29%3C%2F%73%63%72%69%70%74%3E

Now, you can inject it :) ! 
Notice that you can use the tool "Coder" to do encode it in full HTTP 
We bypassed filter.

#############################################

[+] Bypass with Obfuscation : 

Very simple too, this filter, don't allows for exemple these words : 
-script
-alert

To bypass it, you change "script" with for exemple "sCriPt", and "alert" with "ALerT" ! 
For exemple : 
     <ScriPt>ALeRt("i am here")</scriPt>
We bypassed the filter.
##############################################

[+] Bypass with trying around method : 

Generally, it is in the searchs scripts, we just add "> at the begining to close current fields : 
exemple : 
http://target.com/search.php?search="><script>alert("hello")</script>


We bypassed the filter.

###############################################

[3] Conclusion : 

It was, how we can bypass xss filters, and how to inject our code :) 
This lesson is explained by k3nz0
Thank you for reading 

GREETZ : ALLAH ! Aymanos, v1r, kannibal615 , born to kill, & more.. 

################################################