
Xss Defeating Poc : If Have Any Time For Experimentation


AbhishekKr


Same At Blog: http://hackersmag.blogspot.com/2010/09/xss...y-time-for.html

XSS Defeating PoC : if have any time for Experimentation

It's still in an experimental state; if you find some time, please try it and let me know of your experience. :rolleyes:

Video Demo of the same PoC:

Project Base: http://sourceforge.net/downloads/sitehoster/v1.0beta%20RC1/

WhitePaper is also available at SourceForge link above

and at : http://www.slideshare.net/AbhishekKr/white...-to-subvert-xss

I was working on an XSS-Patch PoC, which I now feel works properly enough to prove its point.

This requires neither Web-Developers to do any Filtering/Validation nor any JavaScript-blocking add-on in the user's browser.

I'm not good at explaining; still, I've tried to do that in the WhitePaper linked above.

The ZIP file can be extracted; it contains 'StartDemo.bat', which is executed to start the server already patched with the XSS Subverting Module.

Then browse to 'http://localhost/tweet.htm' in any browser... it lets you submit any text to the server without validation, and it is saved there as it is. But when retrieved on 'Read...' it remains inactive for any


  • 2 weeks later...

New release: http://sourceforge.net/projects/sitehoster...v1.0beta%20RC2/

Major Changes:

[ v1.0beta RC2 ]

[] There was a requirement raised by a few users about the unavailability of <script/> in the <BODY/> tag after applying the XSS-Patch, which will slow Page Rendering.

So, this release just adds a small feature: allowing a <script/> to be added to the <BODY/> tag.

For this, web developers need to add <script/> to the head with the 'DEFER' keyword, like the one supported in Internet Explorer.

It's just that it doesn't expect the browser to take care of it, but pulls out all <script/> with 'DEFER' from <HEAD/> and pushes them into the Active Zone of the <BODY/> tag.

E.g., a page like

[-----]
<html>
<head>
<TITLE>ABK</TITLE>
<script type='text/javascript' DEFER>alert('body1');</script>
<script DEFER='DEFER'>alert('body2');</SCRIPT>
<script>alert('head');</scripT>
<script src='dontknow.js' body/>
<script type='text/javascript'> alert('DEFer');</script>
</head>
<body>
a test page
</body>
</html>
[-----]

is changed to a page

[-----]
<html>
<head>
<TITLE>ABK</TITLe>
<script>alert('head');</scripT>
<script src='dontknow.js' body/>
<script type='text/javascript'> alert('DEFer');</script>
</head>
<BD><BODY>
<script type='text/javascript'> x=document.getElementsByTagName("BODY");x[0].innerHTML = "a test page"</script>
<script DEFER> function b(){alert('its deferred 1');}</script>
<script DEFER="DEFER"> function c(){alert('its deferred 2');}</script></BODY></BD>
</html>
[-----]

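The DEFER relocation described in the RC2 post above, as an added example that is not part of the thread and not SiteHoster's own code: it moves only scripts whose opening tag carries a DEFER attribute from the head to the end of the body, and does not reproduce the `<BD>` wrapper or the innerHTML rewrite shown in the post's output. The regex-based parsing and the names `relocateDeferred` and `hasDeferAttr` are assumptions made for illustration.

```javascript
// Added example, not SiteHoster's code. SAMPLE is constructed from the post's "before" page.
const SAMPLE = [
  "<html>", "<head>", "<TITLE>ABK</TITLE>",
  "<script type='text/javascript' DEFER>alert('body1');</script>",
  "<script DEFER='DEFER'>alert('body2');</SCRIPT>",
  "<script>alert('head');</scripT>",
  "<script src='dontknow.js' body/>",
  "<script type='text/javascript'> alert('DEFer');</script>",
  "</head>", "<body>", "a test page", "</body>", "</html>",
].join("\n");

// Opening tag with quote-aware attributes, then the nearest closing tag (any letter case).
const SCRIPT_RE = /<script\b((?:[^>"']|"[^"]*"|'[^']*')*)>([\s\S]*?)<\/script\s*>/gi;

// True only when DEFER is an attribute name, not text inside a quoted value.
function hasDeferAttr(attrs) {
  const names = attrs.replace(/"[^"]*"|'[^']*'/g, '""');
  return /(^|\s)defer(?=[\s=\/]|$)/i.test(names);
}

// Move every <script DEFER> found in <head> to just before </body>.
function relocateDeferred(html) {
  const head = /<head\b[^>]*>([\s\S]*?)<\/head\s*>/i.exec(html);
  const bodyClose = /<\/body\s*>/i.exec(html);
  if (!head || !bodyClose) return { html, moved: [] };
  const innerStart = head.index + head[0].indexOf(">") + 1;
  const innerEnd = innerStart + head[1].length;
  if (bodyClose.index < innerEnd) return { html, moved: [] };
  const moved = [];
  const newHead = head[1].replace(SCRIPT_RE, (match, attrs) => {
    if (!hasDeferAttr(attrs)) return match; // stays in <head>
    moved.push(match);
    return "";
  });
  if (moved.length === 0) return { html, moved };
  const out = html.slice(0, innerStart) + newHead +
    html.slice(innerEnd, bodyClose.index) + moved.join("\n") + "\n" +
    html.slice(bodyClose.index);
  return { html: out, moved };
}

const result = relocateDeferred(SAMPLE);
console.log(result.html);
```

The script whose body merely contains the text `DEFer`, and the one with a `body` attribute, stay in the head because the check looks at attribute names only.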
