What do you think of Interpolique?

luntrus

Post by luntrus

Hi my good forum friends,

Can be found here: http://recursion.com/interpolique.html
Start testing: http://recursion.com/interpolique_xss.html

Consider: http://www.searchlores.org/droptableifexists.txt
So testing: http://www.google.com/search?as_q=vbull ... itesearch=
Output:
Intermediate: Base64.decode("aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9hc19xPXZidWxsZXRpbi5zcWwmbnVtPTEwJmhsPWVuJmJ0bkc9R29vZ2xlK1NlYXJjaCZhc19lcHE9JmFzX29xPSZhc19lcT0mbHI9JmFzX2Z0PWkmYXNfZmlsZXR5cGU9JmFzX3Fkcj1hbGwmYXNfbmxvPSZhc19uaGk9JmFzX29jY3Q9dXJsJmFzX2R0PWkmYXNfc2l0ZXNlYXJjaD0K");
Final (Parsed as Text): http://www.google.com/search?as_q=vbull ... itesearch=
Final (Parsed as Safe HTML): http://www.google.com/search?as_q=vbull ... itesearch=
An example with SQL exploit:
Output:
Intermediate: Base64.decode("aHR0cDovL3d3dy5waHBudWtlLm9yZy91c2VyLnBocD9vcD11c2VyaW5mbyZ1bmFtZT08c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvbwpraWUpOzwvc2NyaXB0Pgo=");
Final (Parsed as Text): http://www.phpnuke.org/user.php?op=user ... ript>alert(document.coo kie);</script>
Final (Parsed as Safe HTML): http://www.phpnuke.org/user.php?op=userinfo&uname=kie);alert(document.coo

=== Triggered rule ===
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
http://www.phpnuke.org/user.php?op=user ... /script%3E

luntrus
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6
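
The Intermediate and "Final (Parsed as Text)" stages visible in the output above, sketched as an added example that is not part of the original post and is not Interpolique's own code. The function names are hypothetical, the sample URL is constructed, and Node.js `Buffer` stands in for the `Base64.decode` helper named in the output.

```javascript
// Added illustration; function names are hypothetical, not Interpolique's API.
const B64_ONLY = /^Base64\.decode\("([A-Za-z0-9+\/]*={0,2})"\);$/;

// Boundary step: untrusted input crosses into generated code only as base64,
// so quotes, angle brackets and newlines cannot terminate the string literal.
function toIntermediate(untrusted) {
  const b64 = Buffer.from(untrusted, "utf8").toString("base64");
  return `Base64.decode("${b64}");`;
}

// Escape for an HTML text context (what a DOM text node does implicitly).
function escapeHtmlText(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Consumer step: accept only the strict intermediate shape, decode, then
// emit the value as text. Anything else is rejected rather than guessed at.
function renderAsText(intermediate) {
  const m = B64_ONLY.exec(intermediate);
  if (!m) throw new Error("not a well-formed intermediate");
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  return escapeHtmlText(decoded);
}

// Constructed sample input, modelled on the second test in the post.
const SAMPLE =
  'http://example.test/user.php?op=userinfo&uname=<script>alert(document.cookie);</script>';

function demo() {
  const intermediate = toIntermediate(SAMPLE);
  return { intermediate, text: renderAsText(intermediate) };
}

console.log(demo());
```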