Wednesday, May 30, 2018

How to reduce the risk of XSS while allowing HTML tags

1. Allow a limited set of HTML tags:

  'a'
  'em'
  'strong'
  'cite'
  'code'
  'ul'
  'ol'
  'li'
  'dl'
  'dt'
  'dd'

Refer to the way Drupal does it in filter_xss(): https://api.drupal.org/api/drupal/modules%21filter%21filter.module/function/filter_xss/6.x



2. Remove all script event handlers (onload, onerror, anything matching on[a-z]{1,10}=) and src-based payloads (e.g. src=javascript:alert()) when storing product information. Patterns to strip:


on[a-z]{1,10}=

javascript:

data:
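As an added example (not code from the post and not Drupal's filter_xss()), here is a small Python allow-list sanitizer that applies both rules above: only the listed tags survive, every attribute matching the on[a-z]{1,10} pattern is removed, and href/src values whose scheme is javascript: or data: (or anything else not explicitly allowed) are dropped. The attribute policy (href and title on <a> only), the allowed scheme list and the sample inputs are assumptions made for this example.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag allow-list from the post; attribute and scheme policy are assumptions.
ALLOWED_TAGS = {"a", "em", "strong", "cite", "code", "ul", "ol", "li", "dl", "dt", "dd"}
ALLOWED_ATTRS = {"a": {"href", "title"}}            # every other attribute is dropped
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}      # "" covers relative URLs
EVENT_HANDLER = re.compile(r"^on[a-z]{1,10}$", re.I)  # the post's on[a-z]{1,10}= pattern


def safe_url(value):
    """Reject javascript:, data: and any scheme not on the allow-list."""
    if value is None:
        return False
    # Browsers ignore whitespace and control characters inside the scheme
    # ("java\tscript:"), so strip them before looking at it.
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return False
    return scheme in SAFE_SCHEMES


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        # convert_charrefs=True: attribute values arrive already entity-decoded,
        # so "&#106;avascript:" is seen as "javascript:" before the scheme check.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                                  # drop the tag, keep its text
        kept = []
        for name, value in attrs:
            name = name.lower()
            if EVENT_HANDLER.match(name) or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in URL_ATTRS and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            while self.open_tags:                   # close anything still open inside it
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is re-escaped on output

    # Comments, doctypes and processing instructions fall through to the
    # HTMLParser defaults, which do nothing, so they are dropped.

    def result(self):
        self.close()
        while self.open_tags:                       # balance tags the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(html):
    p = AllowListSanitizer()
    p.feed(html)
    return p.result()


if __name__ == "__main__":
    # Constructed inputs covering each rule.
    for sample in [
        'Hi <b>there</b> <a href="http://example.com" onclick="alert(1)">x</a>',
        '<a href="&#106;avascript:alert(1)">x</a>',
        '<a href="  java\tscript:alert(1)">x</a>',
        '<img src=x onerror=alert(1)>',
        '<script>alert(1)</script>',
        '1 < 2 & 3',
    ]:
        print(repr(sample), "->", repr(sanitize(sample)))
```

Two points worth noting: the scheme check runs on the entity-decoded value with whitespace removed, because a regex like `javascript:` applied to the raw attribute text misses `&#106;avascript:` and `java&#9;script:`; and unknown tags are dropped while their text is kept and re-escaped, so `<script>` bodies end up as harmless text rather than markup.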

[Hone Your Ninja Skill] Think Beyond - Tweets Display

http://honeyourskills.ninja/target/web/beyond/?url=display-tweets.php

In this complex world, where applications are massively interconnected and make extensive use of one another's data, an attack can come from any angle if you don't think beyond.

Monday, May 28, 2018

[Hone Your Ninja Skill] Think Beyond - Dig online



In this complex world, where applications are massively interconnected and make extensive use of one another's data, an attack can come from any angle if you don't think beyond.

https://honeyourskills.ninja/target/web/beyond/?url=dig-online.php

Friday, May 25, 2018

[Hone Your Ninja Skill] Whitelist filter bypass ("URL")

http://honeyourskills.ninja/target/web/data_restriction/?url=whitelist-filter-bypass-url.php

In input validation, a whitelisting approach is said to be better than a blacklisting one. Yet a non-robust whitelist implementation can still allow an attacker to bypass your defense.

Sunday, May 20, 2018

[Hone Your Ninja Skill] Simple Tactical XSS Filter Bypass



Mission: Achieve script execution when submitting the form.
Hint: It is simple. Just a matter of tactics, techniques, and procedures.

http://honeyourskills.ninja/target/web/xss/simple-tactical-xss-filter-bypass.php

Thursday, May 17, 2018

Saturday, May 12, 2018

Bypassing referrer check with no script involved

There is no longer any need for a scripting approach like https://github.com/knu/noreferrer

This useful meta tag helps with CSRF PoC preparation when you come across an application that checks the Referer header:
<meta name="referrer" content="no-referrer">

https://caniuse.com/#feat=referrer-policy
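To show the defender's side of this, here is an added example (not part of the original post) in Python: a server-side Referer check of the kind the post refers to, run in its usual lenient form, in a strict form, and next to a synchronizer-token check. The application origin, the three requests and the token handling are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://shop.example"   # constructed: origin of the protected application


def origin_of(url):
    """scheme://host[:port] of a URL, or None if it has no usable origin."""
    u = urlsplit(url)
    if not u.scheme or not u.netloc:
        return None
    return f"{u.scheme}://{u.netloc}".lower()


def referer_check(headers, allow_missing):
    """Is the Referer one of our own pages?

    allow_missing=True is the common lenient setting (users behind proxies or
    privacy extensions often arrive with no Referer at all). It is exactly what
    <meta name="referrer" content="no-referrer"> on a third-party page relies
    on: the browser sends no Referer, and the lenient check lets the
    cross-site POST through.
    """
    referer = headers.get("Referer")
    if referer is None:
        return allow_missing
    return origin_of(referer) == SITE_ORIGIN


def new_csrf_token():
    return secrets.token_urlsafe(32)


def csrf_token_check(form, session_token):
    """Synchronizer token: the value submitted with the form must equal the one
    stored server-side in the session. Nothing here depends on Referer, so
    suppressing that header changes nothing."""
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), session_token.encode())


def evaluate(request, session_token):
    """Run one request through the three policies and return each verdict."""
    headers, form = request["headers"], request["form"]
    return {
        "referer-lenient": referer_check(headers, allow_missing=True),
        "referer-strict": referer_check(headers, allow_missing=False),
        "token": csrf_token_check(form, session_token),
    }


# Constructed requests, as the server would see them.
TOKEN = new_csrf_token()
LEGIT = {"headers": {"Referer": "https://shop.example/account"},
         "form": {"email": "me@example.com", "csrf_token": TOKEN}}
CROSS_SITE = {"headers": {"Referer": "https://attacker.example/page.html"},
              "form": {"email": "someone-else@example.com"}}
CROSS_SITE_NO_REFERER = {"headers": {},          # the page used the no-referrer meta tag
                         "form": {"email": "someone-else@example.com"}}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("cross-site", CROSS_SITE),
                      ("cross-site, no-referrer", CROSS_SITE_NO_REFERER)]:
        print(f"{name:25} {evaluate(req, TOKEN)}")
```

The third request is the one the meta tag produces: the lenient check accepts it, the strict check rejects it but also rejects every legitimate user whose browser or proxy strips Referer, and the token check is unaffected either way. That is why a per-session token (or the SameSite cookie attribute) is the control to rely on, with the Referer or Origin header at most as a supplementary signal.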

When your XSS finding is NOT impressive

If your XSS finding does not convince your clients/stakeholders, demonstrating the impact with BeEF or a simple executable-download payload could help. Exe Download PoC: https://lnkd.in/fWF_nEK BeEF: http://beefproject.com/

Secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve. Of all the non-default settings, the following few can be set to achieve higher secu...