Need help with XSS resp it's RegEx
Hi all,
I should have the following XSS exception as RegEx:
POST = [https://app.swisspost.ch/VPSPayment/PaymentGateway]
FROM = [https://sso.post.ch/upm/pages/EWalletLoading.aspx?language=DE&targetURL=https%3a%2f%2fws.sso.post.ch%2fmembers%2f%3f_step%3d7&fallBackURL=https%3a%2f%2fws.sso.post.ch%2fmembers%2f%3f_step%3d7&service=webstamp&loginpost=]
The URLs should be first level domains with or without 2nd level (or higher) domains.
which means:
https://swisspost.ch/* or https://*.swisspost.ch/*
should allow XSS from
https://post.ch/* or https://*.post.ch/*
What is the correct regex entry for this?
MANY thanks in advance for your help!
Greetings from Switzerland and a nice week ...
Alpengreis
- Giorgio Maone
- Site Admin
- Posts: 9455
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
Re: Need help with XSS resp it's RegEx
Exceptions entered in the XSS options panel can match either the origin (if prefixed with "@") or the destination, not both (unfortunately).
Therefore, if you trust post.ch not to originate malicious requests, you can use
Code:
^@https?://([^/]+\.)?post\.ch/
Otherwise, if you prefer to trust swisspost.ch not to be XSSable, you can use
Code:
^https://([^/]+\.)?swisspost\.ch/
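As an added example, not part of this thread and not NoScript's own code, the JavaScript below models the exception semantics described in the reply above: an entry prefixed with "@" is tested against the origin of the cross-site request, any other entry against its destination, and the request is exempt from the XSS filter as soon as one entry matches. How the "@" is stripped before compiling (it may follow the "^" anchor, as in "^@https?://..."), the helper names and the request URLs are assumptions of this example; the three entries are the ones posted in this thread. The example also canonicalises each URL through the URL parser before matching, which is a check worth keeping when writing such patterns.

```javascript
// Added example (not NoScript's code): a minimal model of how entries in
// NoScript Options|Advanced|XSS|Exceptions are applied. "@" entries are
// matched against the ORIGIN, all others against the DESTINATION; one hit
// exempts the request. Helper names and sample URLs are this example's own.

// Run every URL through the URL parser first so the regex sees the canonical
// form (lower-cased scheme and host, "\" in the authority turned into "/")
// rather than whatever string an attacker put into a link or form action.
function canonical(url) {
  return new URL(url).href;
}

// One exception entry per line. Assumption: the "@" marker is removed (it may
// sit after the "^" anchor) and the remainder is compiled as a JS RegExp.
function parseExceptions(text) {
  return text.split(/\r?\n/)
    .map(line => line.trim())
    .filter(line => line.length > 0)
    .map(line => {
      const originRule = /^\^?@/.test(line);
      const source = originRule ? line.replace(/^(\^?)@/, '$1') : line;
      return { originRule, re: new RegExp(source), entry: line };
    });
}

// Returns the entry that exempts the request, or null if none matches.
function exemptingEntry(rules, origin, destination) {
  const o = canonical(origin);
  const d = canonical(destination);
  const hit = rules.find(r => r.re.test(r.originRule ? o : d));
  return hit ? hit.entry : null;
}

// The three entries given in this thread: post.ch as a trusted origin,
// swisspost.ch as a trusted destination, and the wp-comments-post.php one.
const RULES = parseExceptions(`
^@https?://([^/]+\\.)?post\\.ch/
^https://([^/]+\\.)?swisspost\\.ch/
^http://www\\.qanon302\\.net/wp-comments-post\\.php
`);

function isExempt(origin, destination) {
  return exemptingEntry(RULES, origin, destination) !== null;
}

// Why canonicalising matters: matched as a raw string, the origin pattern is
// fooled by a backslash in the authority, which the URL parser treats as "/".
function rawVsCanonical(pattern, url) {
  const re = new RegExp(pattern);
  return { raw: re.test(url), canonical: re.test(canonical(url)) };
}

// Constructed request pairs (the first one is the thread's SwissPost case).
console.log(isExempt(
  'https://sso.post.ch/upm/pages/EWalletLoading.aspx?language=DE&service=webstamp',
  'https://app.swisspost.ch/VPSPayment/PaymentGateway'));            // exempt
console.log(isExempt('https://sso.post.ch/', 'https://attacker.example/'));   // exempt: origin rule
console.log(isExempt('https://attacker.example/',
  'https://app.swisspost.ch/VPSPayment/PaymentGateway'));            // exempt: destination rule
console.log(isExempt('https://attacker.example/',
  'https://swisspost.ch.attacker.example/'));                        // not exempt
console.log(rawVsCanonical('^https?://([^/]+\\.)?post\\.ch/',
  'https://attacker.example\\.post.ch/'));                           // raw true, canonical false
```

The two kinds of entry fail in different directions, which is the trade-off the reply spells out: the origin rule exempts everything post.ch sends to any site, while the destination rule exempts anything any site sends to swisspost.ch. The `([^/]+\.)?` prefix with the trailing `/` is what keeps suffix look-alikes such as swisspost.ch.attacker.example or post.ch.attacker.example from matching; dropping the anchor or the slash would open both entries up.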
Re: Need help with XSS resp it's RegEx
Ah, okay - checked and done!
Thank you VERY much, Giorgio!
Re: Need help with XSS resp it's RegEx
Hi there,
Maybe I have the same problem...
When I try to post a comment on this page. Link:
http://www.qanon302.net/news/2014/03/19/14704
...I get an XSS message from NoScript!! It says that it comes from http://jetpack.wordpress.com! (what is this?). But here is the funny part. The message appears sometimes when my comment is long, like seven lines in the frame. When I put a much shorter one on other pages of the same site, like one or two lines, the XSS message doesn't appear at all. I even made a test on the above-mentioned page. I put a couple of dots in the frame instead of sentences. And it appeared smoothly in the page (and is still there) without the darn XSS message appearing and cancelling everything!
Any help here pls ?
Thanks
- Giorgio Maone
- Site Admin
- Posts: 9455
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
Re: Need help with XSS resp it's RegEx
darnit! wrote:
Hi there,
Maybe I have the same problem...
When I try to post a comment on this page. Link:
http://www.qanon302.net/news/2014/03/19/14704
...I get an XSS message from NoScript!! It says that it comes from http://jetpack.wordpress.com! (what is this?).

Next time it happens, please open the Browser Console (ctrl+shift+J) and look for any [NoScript XSS] or [InjectionChecker] line, then send me a PM with it for examination.
- Giorgio Maone
- Site Admin
- Posts: 9455
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
Re: Need help with XSS resp it's RegEx
This is the line you want to add in your NoScript Options|Advanced|XSS|Exceptions box:
Code:
^http:\/\/www\.qanon302\.net/wp-comments-post\.php

[Edit]
Per barbaz's request, here's the line sent in PM, with "uninteresting" data removed:
Code:
[NoScript XSS] Sanitized suspicious upload to [http://www.qanon302.net/wp-comments-post.php?for=jetpack###DATA###{uninteresting long chunk of encoded data}] from [http://jetpack.wordpress.com/jetpack-comment/]: transformed into a download-only GET request.
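As an added example, not part of the thread and not NoScript's own code, here is the step Giorgio performed by hand: reading the destination and origin out of a "[NoScript XSS] Sanitized suspicious upload to [...] from [...]" Browser Console line and turning the destination into an exception entry anchored on scheme, host and path only. The log line below is constructed from the one posted above with the encoded payload replaced by a placeholder; the helper names and the decision to drop the query string are this example's own.

```javascript
// Added example (not NoScript's code): from a Browser Console XSS line to a
// destination-side entry for Options|Advanced|XSS|Exceptions.

// Constructed from the line Giorgio posted; the encoded data after
// "###DATA###" (NoScript's marker, not part of the URL) is replaced by "AAAA".
const SAMPLE_LOG =
  '[NoScript XSS] Sanitized suspicious upload to ' +
  '[http://www.qanon302.net/wp-comments-post.php?for=jetpack###DATA###AAAA] ' +
  'from [http://jetpack.wordpress.com/jetpack-comment/]: ' +
  'transformed into a download-only GET request.';

// Pull the two bracketed URLs out of the message; null if the line is not
// one of these sanitization reports.
function parseXssLog(line) {
  const m = /\[NoScript XSS\] Sanitized suspicious upload to \[(.*?)\] from \[(.*?)\]:/
    .exec(line);
  return m ? { destination: m[1], origin: m[2] } : null;
}

// Escape regex metacharacters so a literal URL fragment can be embedded.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Build an entry from scheme + host + path. The query string and everything
// after the "###DATA###" marker are dropped on purpose: the exception should
// identify the endpoint, not depend on the request's data.
function exceptionForDestination(destUrl) {
  const u = new URL(destUrl.split('###')[0]);
  return '^' + escapeRe(u.protocol + '//' + u.host + u.pathname);
}

// Check a candidate entry against a URL the way the filter would see it
// (canonicalised through the URL parser first).
function entryMatches(entry, url) {
  return new RegExp(entry).test(new URL(url).href);
}

const report = parseXssLog(SAMPLE_LOG);
const entry = exceptionForDestination(report.destination);
console.log(entry);
// ^http://www\.qanon302\.net/wp-comments-post\.php
console.log(entryMatches(entry, 'http://www.qanon302.net/wp-comments-post.php?for=jetpack')); // true
console.log(entryMatches(entry, 'http://www.qanon302.net/wp-login.php'));                    // false
```

The generated entry is equivalent to the one posted above (only the slashes are left unescaped, which the RegExp constructor does not require). Keeping the path in the pattern is what limits the exemption to the comment endpoint; an entry that stops at the host would also exempt uploads to every other script on www.qanon302.net.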
Re: Need help with XSS resp it's RegEx
Gosh... It worked. Thanx Giorgio. I will keep working with this solution. And if anything new arises, I will let you know.
Re: Need help with XSS resp it's RegEx
If the messages don't contain any sensitive information, since this is a sticky topic maybe they should be posted here, wrapped in code tags, for others to reference when trying to figure out how to write XSS exceptions?
Re: Need help with XSS resp it's RegEx
I have a similar issue that was not as easily resolved. The cross-site scripting warning comes when registering a credit card with my phone provider from my account control panel. The domain is salt.ch and the provider URL when I am logged in begins with
https://myaccount.salt.ch/
After entering the card info, NoScript filters the XSS attempt from [https://secure5.arcot.com/]. I have sent the Console entry to Giorgio by PM. Here is background info on arcot.com, which although actually trustworthy has an apparently poorly designed service that can appear as a man-in-the-middle attack:
https://www.jasonpearce.com/2013/05/14/ ... le-attack/
In any case, I trust the phone provider and so decided to trust the entire salt.ch domain to not be XSSable by entering the following regular expression in the list of XSS protection exceptions, per the second post in this thread:
Code:
^https://([^/]+\.)?salt\.ch/
This did not, however, modify the behavior; the XSS attempt is still blocked.
Re: Need help with XSS resp it's RegEx
Apparently, I found the cause of my issue. In the protections list, I had not entered a carriage return at the end of the new entry. After entering one, creating a new empty line, and restarting the browser (just to be on the safe side), the XSS works.
Re: Need help with XSS resp it's RegEx
blublevita wrote:
In the protections list, I had not entered a carriage return at the end of the new entry. After entering one, creating a new empty line, and restarting the browser (just to be on the safe side), the XSS works.

You sure you're not disabling the XSS filter entirely? Does this generate an XSS warning?
Re: Need help with XSS resp it's RegEx
Hello,
I use Firefox as my browser and Startpage.com as my search engine (not Google, for more or less the same reasons I use NoScript). Normally I type search terms directly into the address bar of the browser and it opens Startpage with the results page. Since the NoScript update of about 3 weeks ago, I get the start page of Startpage with information about an XSS attempt. I have tried to add an exemption based on the google example as follows:
^https?://([a-z]+)\.startpage\.(?:[a-z]{1,3}\.)?[a-z]+/(?:metasearch|custom|\1)\?
But unfortunately it does not work ...
Searching normally on Startpage works without any issue.
Any help would be appreciated!
BTW, why does CAPTCHA require google.com to run?
Thanks
Lutz
Re: Need help with XSS resp it's RegEx
sorry, too quick - NoScript just updated again and now it seems to work.
Thanks!
Lutz