Monday, March 2, 2015

Methods for checking for XSS vulnerabilities

Use the following dorks to search on Google:
inurl:".php?cmd="
inurl:".php?z="
inurl:".php?q="
inurl:".php?search="
inurl:".php?query="
inurl:".php?searchstring="
inurl:".php?keyword="
inurl:".php?file="
inurl:".php?years="
inurl:".php?txt="
inurl:".php?tag="
inurl:".php?max="
inurl:".php?from="
inurl:".php?author="
inurl:".php?pass="
inurl:".php?feedback="
inurl:".php?mail="
inurl:".php?cat="
inurl:".php?vote="
inurl:search.php?q=
inurl:com_feedpostold/feedpost.php?url=
inurl:scrapbook.php?id=
inurl:headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=
inurl:search.php?
inurl:find.php?
inurl:search.html
inurl:find.html
inurl:search.aspx
inurl:find.aspx
inurl:?keyword=
inurl:?search=?
Checking for XSS

To check whether a site is vulnerable to XSS, we usually add the following script:
<script>alert("XSS")</script>
If an alert box appears, the site is vulnerable to XSS, and an attacker can use XSS to take control or carry out other purposes.


- However, for some sites the filter must be bypassed when carrying out an XSS attack.
- Besides script code, an attacker can also insert HTML tags such as the following:
"><body bgcolor="FF0000"></body>
- Use the site vulnerability scanning tools here: http://quylevhb.blogspot.com/search/label/Tools
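
The defensive counterpart to the check above, as an added example that is not part of the original post: a Node.js sketch in which the two test strings shown on this page are reflected by a search template, first raw and then with output encoding. The function names and the template are hypothetical.

```javascript
// Added example. escapeHtml, renderVulnerable, renderSafe and tagCount
// are hypothetical names; the payloads are the two strings from this page.
const PAYLOADS = [
  '<script>alert("XSS")</script>',
  '"><body bgcolor="FF0000"></body>',
];

// Encode the characters that are significant in HTML text and in
// quoted attribute values. "&" must be replaced first.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the query parameter is copied into the page unchanged,
// once as element text and once inside a quoted attribute.
function renderVulnerable(q) {
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Hardened: same template, every interpolation is encoded on output.
function renderSafe(q) {
  const e = escapeHtml(q);
  return `<p>Results for: ${e}</p><input name="q" value="${e}">`;
}

// Regression check: the template itself opens or closes exactly 3 tags
// (<p>, </p>, <input>). Any higher count means user input became markup.
function tagCount(html) {
  return (html.match(/<[a-z\/]/gi) || []).length;
}

for (const p of PAYLOADS) {
  console.log('raw:', tagCount(renderVulnerable(p)),
              'encoded:', tagCount(renderSafe(p)));
}
```

In PHP, the same encoding is done with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at the point of output.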
