Talk:XSS Filter Evasion Cheat Sheet

From OWASP
Jump to: navigation, search

I can speak from being on the receiving end of XSS Evasion Attacks :)

   http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
   http://blog.spiderlabs.com/2013/08/the-web-is-vulnerable-xss-on-the-battlefront-part-1.html

Essentially what we need to do is to consolidate a couple of key resources. The top two being -

   HTML5Sec Vectors - https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt.  These are taken from Mario's awesome work - http://html5sec.org/
   Shazzer's Successful Fuzzes - https://raw.githubusercontent.com/client9/libinjection/master/data/xss-shazzer.txt.  These are from Gareth's equally awesome work - http://shazzer.co.uk/home.  

I would start with these two resources as the base and build from there.

-Ryan