Need help with XSS resp it's RegEx

Need help with XSS resp it's RegEx

Postby Alpengreis » Sun Nov 03, 2013 7:46 pm

Hi all,

I should have the following XSS exception as RegEx:

POST = [https://app.swisspost.ch/VPSPayment/PaymentGateway]
FROM = [https://sso.post.ch/upm/pages/EWalletLoading.aspx?language=DE&targetURL=https%3a%2f%2fws.sso.post.ch%2fmembers%2f%3f_step%3d7&fallBackURL=https%3a%2f%2fws.sso.post.ch%2fmembers%2f%3f_step%3d7&service=webstamp&loginpost=]

The URLs should be first level domains with or without 2nd level (or higher) domains.

which means:

https://swisspost.ch/* or https://*.swisspost.ch/*

should allow XSS from

https://post.ch/* or https://*.post.ch/*

What is the correct regex entry for this?

MANY thanks in advance for your help!

Greetings from Switzerland and a nice week ...
Alpengreis
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0

Re: Need help with XSS resp it's RegEx

Postby Giorgio Maone » Sun Nov 03, 2013 9:45 pm

Exceptions entered in the XSS options panel can match either the origin (if prefixed with "@") or the destination, not both (unfortunately).
Therefore, if you trust post.ch not to originate malicious requests, you can use
Code:
^@https?://([^/]+\.)?post\.ch/

Otherwise, if you prefer to trust swisspost.ch not to be XSSable, you can use
Code:
^https://([^/]+\.)?swisspost\.ch/
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0

Re: Need help with XSS resp it's RegEx

Postby Alpengreis » Sun Nov 03, 2013 10:10 pm

Ah, okay - checked and done!

Thank you VERY much, Giorgio!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0

Re: Need help with XSS resp it's RegEx

Postby darnit! » Wed Mar 19, 2014 6:49 pm

Hi there,
Maybe I have the same problem...
When I try to log a comment in this page. Link :
http://www.qanon302.net/news/2014/03/19/14704

...I get an XSS message from NoScript !! It says that it comes from http://jetpack.wordpress.com ! (what is this?). But here is the funny part. The message appears sometimes when my commentary is long, like seven lines in the frame. When I put a much shorter one on other pages of the same site... like one or two lines, the XSS message doesn't appear at all. I even made a test on the above mentioned page. I put a couple of dots in the frame instead of sentences. And it appeared smoothly in the page (& is still there) without the darn XSS message appearing & cancelling everything !

Any help here pls ?
Thanks
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0

Re: Need help with XSS resp it's RegEx

Postby Giorgio Maone » Wed Mar 19, 2014 7:32 pm

darnit! wrote:
Hi there,
Maybe I have the same problem...
When I try to log a comment in this page. Link :
http://www.qanon302.net/news/2014/03/19/14704

...I get an XSS message from NoScript !! It says that it comes from http://jetpack.wordpress.com ! (what is this?).

Next time it happens, please open the Browser Console (ctrl+shift+J) and look for any [NoScript XSS] or [InjectionChecker] line, then send me a PM with it for examination.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Re: Need help with XSS resp it's RegEx

Postby Giorgio Maone » Wed Mar 19, 2014 11:57 pm

This is the line you want to add in your NoScript Options|Advanced|XSS|Exceptions box:
Code:
^http:\/\/www\.qanon302\.net/wp-comments-post\.php

[Edit]
Per barbaz's request, here's the line sent in PM, with "uninteresting" data removed:
Code:
[NoScript XSS] Sanitized suspicious upload to [http://www.qanon302.net/wp-comments-post.php?for=jetpack###DATA###{uninteresting long chunk of encoded data}] from [http://jetpack.wordpress.com/jetpack-comment/]: transformed into a download-only GET request.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
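Worked example, added here and not part of the thread or of NoScript's own code: a small JavaScript model of the rule Giorgio states in his first reply (an exceptions-box line prefixed with "@" is matched against the origin, any other line against the destination, never both), plus a parser for the [NoScript XSS] console line quoted above that derives the qanon302 exception from it. The URLs are quoted from this thread (the post.ch origin shortened); how NoScript itself reads the exceptions box is an assumption of this model, not taken from its source.

```javascript
// Added example, not NoScript's own code: a model of the rule this thread
// describes. Each exceptions-box line is a regex; a line whose pattern starts
// with "@" (after an optional "^") is tested against the ORIGIN URL, any other
// line against the DESTINATION URL, never both. Returns the matching line or null.
function matchException(exceptionsText, origin, destination) {
  const lines = exceptionsText.split(/\r?\n/).map(l => l.trim()).filter(Boolean);
  for (const line of lines) {
    let pattern = line, target = destination;
    const m = /^(\^?)@/.exec(line);            // "@" marks an origin rule
    if (m) { pattern = m[1] + line.slice(m[0].length); target = origin; }
    if (new RegExp(pattern).test(target)) return line;
  }
  return null;
}

// Pulls destination and origin out of a "[NoScript XSS] Sanitized suspicious
// upload to [...] from [...]" Browser Console line (format quoted above).
const LOG_RE = /^\[NoScript XSS\] Sanitized suspicious upload to \[(.*?)\] from \[(.*?)\]:/;
function parseXssLogLine(line) {
  const m = LOG_RE.exec(line);
  return m ? { destination: m[1], origin: m[2] } : null;
}

// Builds a destination exception the way the qanon302 line above is built:
// anchored, scheme + host + path taken literally, query and fragment dropped.
function destinationExceptionFor(url) {
  const u = new URL(url);
  const literal = `${u.protocol}//${u.host}${u.pathname}`;
  return "^" + literal.replace(/[.*+?^${}()|[\]\\\/]/g, "\\$&");
}

// Inputs quoted from this thread (the post.ch origin URL shortened).
const CONSOLE_LINE = "[NoScript XSS] Sanitized suspicious upload to " +
  "[http://www.qanon302.net/wp-comments-post.php?for=jetpack###DATA###{uninteresting long chunk of encoded data}]" +
  " from [http://jetpack.wordpress.com/jetpack-comment/]: transformed into a download-only GET request.";
const SWISSPOST_DEST = "https://app.swisspost.ch/VPSPayment/PaymentGateway";
const POST_ORIGIN = "https://sso.post.ch/upm/pages/EWalletLoading.aspx?language=DE";
const POST_RULE = "^@https?://([^/]+\\.)?post\\.ch/";
function demo() {
  const { destination, origin } = parseXssLogLine(CONSOLE_LINE);
  const derived = destinationExceptionFor(destination);
  return {
    derived,
    qanonExempt: matchException(derived, origin, destination) !== null,
    originRuleExempts: matchException(POST_RULE, POST_ORIGIN, SWISSPOST_DEST) !== null,
    // the same host pattern without "@" is tested against swisspost.ch, so it fails
    destRuleExempts: matchException(POST_RULE.replace("@", ""), POST_ORIGIN, SWISSPOST_DEST) !== null,
  };
}
```

The `destRuleExempts` result is the point of Giorgio's reply: a post.ch pattern without the "@" prefix is tested against the swisspost.ch destination and never matches.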

Re: Need help with XSS resp it's RegEx

Postby Darnit ! » Thu Mar 20, 2014 2:27 am

Gosh... It worked. Thanx Giorgio. I will keep working with this solution. And if anything new arises, I will let you know.
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0

Re: Need help with XSS resp it's RegEx

Postby barbaz » Thu Mar 20, 2014 4:29 pm

If the messages don't contain any sensitive information, since this is a sticky topic maybe they should be posted here, wrapped in code tags, for others to reference when trying to figure out how to write XSS exceptions?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25

Re: Need help with XSS resp it's RegEx

Postby blublevita » Mon Sep 26, 2016 9:25 am

I have a similar issue that was not as easily resolved. The cross-scripting comes when registering a credit card with my phone provider from my account control panel. The domain is salt.ch and the provider URL when I am logged in begins with

https://myaccount.salt.ch/

After entering the card info, NoScript filters the XSS attempt from [https://secure5.arcot.com/]. I have sent the Console entry to Giorgio by PM. Here is background info on arcot.com, which although actually trustworthy has an apparently poorly designed service that can appear as a man-in-the-middle attack:
https://www.jasonpearce.com/2013/05/14/verified-by-visa-and-arcot-com-function-like-a-man-in-the-middle-attack/

In any case, I trust the phone provider and so decided to trust the entire salt.ch domain to not be XSSable by entering the following regular expression in the list of XSS protection exceptions, per the second post in this thread:
Code:
^https://([^/]+\.)?salt\.ch/

This did not, however, modify the behavior; the XSS attempt is still blocked.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0

Re: Need help with XSS resp it's RegEx

Postby blublevita » Mon Sep 26, 2016 9:33 am

Apparently, I found the cause of my issue. In the protections list, I had not entered a carriage return at the end of the new entry. After entering one, creating a new empty line, and restarting the browser (just to be on the safe side), the XSS works.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0

Re: Need help with XSS resp it's RegEx

Postby barbaz » Mon Sep 26, 2016 4:31 pm

blublevita wrote:
In the protections list, I had not entered a carriage return at the end of the new entry. After entering one, creating a new empty line, and restarting the browser (just to be on the safe side), the XSS works.

You sure you're not disabling the XSS filter entirely? Does this generate a XSS warning?

Re: Need help with XSS resp it's RegEx

Postby Guest » Sun Dec 18, 2016 7:09 pm

Hello,
I use Firefox as my browser and Startpage.com as my search engine (not Google, for more or less the same reasons I use NoScript). Normally I type search terms directly into the address bar of the browser and it opens Startpage with the results page. Since the NoScript update of about 3 weeks ago, I get the start page of Startpage with information about an XSS attempt. I have tried to add an exemption based on the google example as follows:
^https?://([a-z]+)\.startpage\.(?:[a-z]{1,3}\.)?[a-z]+/(?:metasearch|custom|\1)\?

But unfortunately it does not work ... :(
Searching normally on Startpage works without any issue.
Any help would be appreciated!

BTW, why does CAPTCHA require google.com to run?

Thanks
Lutz
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0

Re: Need help with XSS resp it's RegEx

Postby Guest » Sun Dec 18, 2016 7:21 pm

sorry, too quick - NoScript just updated again and now it seems to work.
Thanks!
Lutz
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0