Bypass XSS filters (Paper)
#############################################
#Title : XSS, how to bypass filters         #
#Author : k3nz0                             #
#Contact : o9p@hotmail.fr                   #
#Category : Papers                          #
#Website : k3nz0.com                        #
#############################################
#################Tunisian####################
##################Hacker#####################
#############################################

This lessons is devided into 3 parts :
[1] Introduction
[2] Types of filters
[3] Conclusion

[1] Introduction :
Nowadays, most of "securised" websites, make filters to dont allow cross site scripting "injections", however, we can bypass
these filters by using the methods shown below :)

[2] Types of filters :
We will learn, how to bypass these xss filters :
  [+]Bypass magic_quotes_gpc (if its on )
  [+]Bypass with cryption in full html
  [+]Bypass with Obfuscation
  [+]Bypass with trying around method

############################################
[+]Bypass magic_quotes_gpc

When magic_quotes_gpc is on, it means that the server doesnt allow, ", / and (it depends)
to bypass it we use :
String.fromCharCode()
We write our code, in the () crypted in ASCII
exemple :
        String.fromCharCode(107, 51, 110, 122, 48)
(Here I crypted k3nz0 in ascii : 107, 51, 110, 122, 48
And we use it :
<script>String.fromCharCode(107, 51, 110, 122, 48)</script>
We will see : k3nz0
We bypassed magic_quotes_gpc :)

#############################################

[+] Bypass with cryption in full html :

Very simple, we have to encode our code in full HTTP!
Our code : <script>alert(i am here)</script>
And in full HTTP :
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%69%20%61%6D%20%68%65%72%65%27%29%3C%2F%73%63%72%69%70%74%3E

Now, you can inject it :) !
Notice that you can use the tool "Coder" to do encode it in full HTTP
We bypassed filter.

#############################################

[+] Bypass with Obfuscation :

Very simple too, this filter, dont allows for exemple these words :
-script
-alert

To bypass it, you change "script" with for exemple "sCriPt", and "alert" with "ALerT" !
For exemple :
     <ScriPt>ALeRt("i am here")</scriPt>
We bypassed the filter.
##############################################

[+] Bypass with trying around method :

Generally, it is in the searchs scripts, we just add "> at the begining to close current fields :
exemple :
http://target.com/search.php?search="><script>alert("hello")</script>

We bypassed the filter.

###############################################

[3] Conclusion :

It was, how we can bypass xss filters, and how to inject our code :)
This lesson is explained by k3nz0
Thank you for reading

GREETZ : ALLAH ! Aymanos, v1r, kannibal615 , born to kill, & more..

################################################© Offensive Security 2010