Posts

[Hone Your Ninja Skill] Simple Tactical XSS Filter Bypass

Mission: Achieve script execution when submitting the form.
Hint: It is simple. Just a matter of tactics, techniques, and procedures.

http://honeyourskills.ninja/target/simple-tactical-xss-filter-bypass.php

[Hone Your Ninja Skill] Blacklist filter bypass on < > and =

Mission: Achieve arbitrary script execution when clicking the above link.
http://honeyourskills.ninja/target/blacklist-filter-bypass-bracket-allowed.php

[Hone Your Ninja Skill] Blacklist filter bypass on > < ( ) and =

Mission: Achieve arbitrary script execution when clicking the above link.
http://honeyourskills.ninja/target/blacklist-filter-bypass-bracket-equal.php?callback=printToPage

[Hone Your Ninja Skill] Blacklist filter bypass on > < ( and )

Mission: Bypass "( )" character restriction and achieve script execution.
http://honeyourskills.ninja/target/blacklist-filter-bypass-bracket.php?callback=printToPage

[Hone Your Ninja Skill] Blacklist filter bypass ("domain name")

Mission: Try submitting an equivalent of the blacklisted word "yehg.net" in the form below for fun:

http://honeyourskills.ninja/target/blacklist-filter-bypass-domain.php

Does your app properly destroy session?