Talk:XSS Filter Evasion Cheat Sheet

Revision as of 20:41, 9 April 2014 by Jmanico

I can speak from being on the receiving end of XSS Evasion Attacks :)

   http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
   http://blog.spiderlabs.com/2013/08/the-web-is-vulnerable-xss-on-the-battlefront-part-1.html

Essentially what we need to do is to consolidate a couple of key resources. The top two are:

   HTML5Sec Vectors - https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt.  These are taken from Mario's awesome work - http://html5sec.org/
   Shazzer's Successful Fuzzes - https://raw.githubusercontent.com/client9/libinjection/master/data/xss-shazzer.txt.  These are from Gareth's equally awesome work - http://shazzer.co.uk/home.  

I would start with these two resources as the base and build from there.

-Ryan