[WEB SECURITY] How to Prevent XSS evasion attack ?
rsnake at shocking.com
Fri Dec 2 14:14:07 EST 2005
Hello, TAEHEUN, that is my page (http://ha.ckers.org/xss.html) that you
are referring to. No, that is not an effective filter. Firstly it is
only relevant to variables (and not cookie manipulation or other forms
of getting XSS on a page). Secondly that regex is basically saying:
Equals followed by a < followed by one or more non newlines, followed by
a close >. Here's a simple way around that - just don't include a close
If you do a half open attack like the following:
it will get interpreted as:
and if the next tag on the page is something like:
you'll be left with:
The first part "<table" will be ignored by the browser and the following
">" will close the tag and render the vector in IE and Netscape 8.0 on
trusted site setting. I'm also skeptical of things that say "non
newline" as newlines are valid chars inside HTML, so I think that would
also allow the vector but it depends on where and how it's implemented
and how it interprets a newline. Also, this doesn't stop UTF-7 encoded
attacks, DOM based attacks that don't need angle brackets and as a side
note this will stop a lot more than just XSS, it will stop all HTML from
getting on the page, which might be more than some people want. Hope
On Fri, 2 Dec 2005, TAEHEUN LEE wrote:
> somebody tell me following....
> ** XSS evasion attack*
> -<div onmouseover="[code]">
> ** Regular Expression for XSS evasion attack*
> *this is perfect ??
> *Reference Document :*
> TAEHEUN LEE wrote:
>> Hi List..
>> i wonder how to prevent XSS evasion attack at WAF (Negative Security
>> Model) ?
>> 1. registers all signature ?
>> 2. embody in regular expression ?
>> *please.. can you tell me what is your solution ??*
>> * normal XSS
>> * evasion XSS
>> <IMG SRC="jav
>> anything else...
>> Reference Site
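
The filter gap described in the reply, as an added example that is not part of the original thread. The regex is an assumed reconstruction from the reply's prose description (the original pattern did not survive in this archive), the inputs are constructed from the thread's own `[code]` placeholder, and the HTML-encoding step is an assumption added here that covers HTML body context only, not the UTF-7 or DOM-based cases the reply mentions.

```python
import html
import re

# Assumed reconstruction of the filter as the reply describes it:
# "=" then "<", one or more non-newline characters, then a closing ">".
DESCRIBED_FILTER = re.compile(r"=<[^\n]+>")

# Constructed parameter values; "[code]" is the placeholder used in the thread.
CLOSED = '<div onmouseover="[code]">'
HALF_OPEN = '<div onmouseover="[code]"'        # no closing ">"
NEWLINE = '<div\nonmouseover="[code]"\n>'      # newlines inside the tag


def blocked(value: str, param: str = "q") -> bool:
    """True if the described negative-model filter would flag param=value."""
    return DESCRIBED_FILTER.search(f"{param}={value}") is not None


def page_fragment(value: str, encode: bool) -> str:
    """Place the value on a page whose next tag is <table> (as in the reply).

    With encode=False the value is reflected as-is, so a half-open tag is
    completed by the ">" of the following <table>. With encode=True the
    value is HTML-encoded first and no tag can start at all.
    """
    shown = html.escape(value, quote=True) if encode else value
    return shown + "<table>"


def report() -> list[tuple[str, bool, str]]:
    """(label, flagged by filter, encoded output) for each constructed case."""
    cases = [("closed", CLOSED), ("half-open", HALF_OPEN), ("newline", NEWLINE)]
    return [(name, blocked(v), page_fragment(v, encode=True)) for name, v in cases]


if __name__ == "__main__":
    for name, flagged, encoded in report():
        print(f"{name:10} flagged={flagged!s:5} encoded={encoded!r}")
    print("unencoded half-open:", page_fragment(HALF_OPEN, encode=False))
```
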
The Web Security Mailing List