remotelocal / web


I want to skim through the XSS cheat sheet #43

Open remotelocal opened 9 years ago

remotelocal commented 9 years ago

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

remotelocal commented 9 years ago

I didn't really understand it.

XSS Locator

Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up. Use this URL encoding calculator to encode the entire string. Tip: if you're in a rush and need to quickly check a page, oftentimes injecting the deprecated "" tag will be enough to check to see if something is vulnerable to XSS by messing up the output appreciably:

```html
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
```

XSS Locator 2

If you don't have much space and know there is no vulnerable JavaScript on the page, this string is a nice compact XSS injection check. View source after injecting it and look for `<XSS` versus `&lt;XSS` to see if it is vulnerable:

```html
'';!--"<XSS>=&{()}
```

remotelocal commented 9 years ago

Didn't really understand this

In the IMG tag section, the XSS did not work. In the end I couldn't tell whether the one wrapped in grave accents (`) actually works as XSS. The English says "a lot of XSS filters don't know about grave accent", so I would expect it to get past the filter and work.

remotelocal commented 9 years ago

http://ha.ckers.org/xsscalc.html

remotelocal commented 9 years ago

Continue reading from "Malformed A tags".
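The "XSS Locator 2" check quoted above (look for `<XSS` versus `&lt;XSS` in the page source) turned into a small test a developer can run against their own templates. This is an added example, not code from the OWASP cheat sheet or from this issue; `encodeForHtml`, `renderUnsafe`, `renderSafe` and `classifyReflection` are hypothetical helpers written for it.

```javascript
// Added example (not from the cheat sheet or the issue): encode untrusted text
// for an HTML body context, then verify that the compact locator probe comes
// back encoded (&lt;XSS) rather than reflected raw (<XSS).

// Constructed sample input: the "XSS Locator 2" string quoted in the thread.
const XSS_LOCATOR_2 = `'';!--"<XSS>=&{()}`;

// Minimal HTML encoder (hypothetical helper): every character that has meaning
// in HTML text or inside a quoted attribute is replaced by an entity, including
// the grave accent that the thread asks about.
function encodeForHtml(untrusted) {
  const table = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "`": "&#x60;",
  };
  return String(untrusted).replace(/[&<>"'`]/g, (ch) => table[ch]);
}

// Two renderers side by side: the reflecting one is the defect the locator is
// meant to reveal, the encoding one is the fix.
function renderUnsafe(name) {
  return `<p>Hello, ${name}</p>`;
}
function renderSafe(name) {
  return `<p>Hello, ${encodeForHtml(name)}</p>`;
}

// The cheat sheet's own check, automated: classify the rendered source as
// "vulnerable" (raw <XSS present), "encoded" (&lt;XSS present) or "absent".
function classifyReflection(pageSource) {
  if (pageSource.includes("<XSS")) return "vulnerable";
  if (pageSource.includes("&lt;XSS")) return "encoded";
  return "absent";
}

// Stricter regression check for the encoder: no raw metacharacter survives,
// and every ampersand left in the output starts an entity reference.
function containsRawHtmlMeta(s) {
  return /[<>"'`]/.test(s) || /&(?![a-zA-Z#0-9]+;)/.test(s);
}
```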