2012-09-04

Revision as of 16:30, 4 September 2012

Line 206:

XSS

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02]
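Review bot: the bolding of IE6.0 and NS8.1-IE introduces a visual convention that nothing in this hunk explains, and the same change is repeated on every Browser support line in this revision; add a one-sentence key (for example, bold = browsers in which the vector is confirmed to execute) at this first occurrence or under the "Browser support reference table" heading, and link each line to that table. IE7.0 is left plain here while sharing the bracket with the bolded IE6.0 and NS8.1-IE, so the key should also say how a mixed bracket is to be read.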

=== VBscript in an image ===

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02]

=== Livescript (older versions of Netscape only)===

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [NS4]

+

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] ['''NS4''']

=== Mocha (older versions of Netscape only)===

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [NS4]

+

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] ['''NS4''']

== BODY tag ==

Line 326:

== BGSOUND ==

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] ['''O9.02''']

== & JavaScript includes ==

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [NS4]

+

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] ['''NS4''']

== LAYER (also only works in Netscape 4.x) ==

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [NS4]

+

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] ['''NS4''']

== STYLE sheet ==

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02]

=== Remote style sheet ===

Line 345:

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02]

=== Remote style sheet part 2 ===

Line 351:

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02]

=== Remote style sheet part 3 ===

Line 362:

This only works in Gecko rendering engines and works by binding an XUL file to the parent page. I think the irony here is that Netscape assumes that Gecko is safer and therefor is vulnerable to this for the vast majority of sites:

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: [IE7.0|IE6.0|NS8.1-IE] ['''NS8.1-G'''|'''FF2.0'''] [O9.02]

== Local htc file ==

This is a little different than the above two cross site scripting vectors because it uses an .htc file which must be on the same server as the XSS vector. The example file works by pulling in the JavaScript and running it as part of the style attribute:

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]

+

Browser support: ['''IE7.0'''|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02]
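Review bot: this hunk bolds all three IE-family entries (IE7.0, IE6.0, NS8.1-IE), whereas the VBscript-in-an-image, STYLE sheet and Remote style sheet hunks above bold only IE6.0 and NS8.1-IE and leave IE7.0 plain. If the difference is intended, a short note under each of those headings saying what changed in IE7 would make it explicit; otherwise one of the two patterns is a slip and should be reconciled.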

Line 373:

US-ASCII encoding (found by Kurt Huwig).This uses malformed ASCII encoding with 7 bits instead of 8. This XSS may bypass many content filters but only works if the host transmits in US-ASCII encoding, or if you set the encoding yourself. This is more useful against web application firewall cross site scripting evasion than it is server side filter evasion. Apache Tomcat is the only known server that transmits in US-ASCII encoding. I highly suggest anyone interested in alternate encoding issues look at my charsets issues page:

¼script¾alert(¢XSS¢)¼/script¾

Browser support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02] [NS4]

+

Browser support: ['''IE7.0'''|'''IE6.0'''|'''NS8.1-IE'''] [NS8.1-G|FF2.0] [O9.02] [NS4]
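Review bot: the bolded IE entries mark browser-side support only, but the paragraph above makes this vector conditional on the server transmitting in US-ASCII (Apache Tomcat is the only server named); give the Browser support line a short qualifier such as "when the page is served as US-ASCII" so a reader scanning only the bold markers does not take the vector as generally applicable to IE.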

= Browser support reference table =
