Breaking The Great Wall of Web – XSS WAF Evasion CheatSheet

I think it’s mandatory to give back to Security community from where we learn cutting edge techniques and information. Therefore after months of effort i am presenting to you a new WhitePaper titled “Breaking Great Wall of Web” without any strings attached.

Acknowledgements

I would like to thank the Acunetix Team for helping with proof-reading of the document.

Background

The WhitePaper not only contains sophisticated XSS vectors but it aims at also explaining the methodology behind bypassing a WAF.  The previous paper on this subject “Bypassing Modern WAF’s XSS Filters – Cheat Sheet” was released 3 years back. A lot has changed and evolved during these years, especially with the advent of ECMA Script a new horizon for evasion/obfuscation have been opened. I have already discussed/demonstrated several techniques presented in this whitepaper in my recent Webcast hosted by Garage4hackers team namely “Bypassing Modern WAF’s Exemplified At XSS“.

Abstract

Input Validation flaws such as XSS are the most prevailing security threats affecting modern Web Applications. In order to mitigate these attacks Web Application Firewalls (WAF’s) are used, which inspect HTTP requests for malicious transactions. Nevertheless, they can be easily bypassed due to the complexity of JavaScript in Modern browsers. In this paper we will discusses several techniques that can be used to circumvent WAF’s exemplified at XSS.

This will paper talk about the concepts of WAF’s in general, identifying and fingerprinting WAF’s and various methodologies for constructing a bypass. The paper discusses well known techniques such as Brute Forcing, Regular expression reversing and browser bugs for bypassing WAF’s.

How to Find Credit card details using google dorks for carding

These are google dorks to find out shopping website for sql injection.you can test these website for sql injection vulnerability for fetching credit card details from database.

inurl:”.php?cat=”+intext:”Paypal”+site:UK

inurl:”.php?cat=”+intext:”/Buy Now/”+site:.net

inurl:”.php?cid=”+intext:”online+betting”

inurl:”.php?id=” intext:”View cart”

inurl:”.php?id=” intext:”Buy Now”

inurl:”.php?id=” intext:”add to cart”

inurl:”.php?id=” intext:”shopping”

inurl:”.php?id=” intext:”boutique”

inurl:”.php?id=” intext:”/store/”

inurl:”.php?id=” intext:”/shop/”

inurl:”.php?id=” intext:”toys”

inurl:”.php?cid=”

inurl:”.php?cid=” intext:”shopping”

inurl:”.php?cid=” intext:”add to cart”

inurl:”.php?cid=” intext:”Buy Now”

inurl:”.php?cid=” intext:”View cart”

inurl:”.php?cid=” intext:”boutique”

inurl:”.php?cid=” intext:”/store/”

inurl:”.php?cid=” intext:”/shop/”

inurl:”.php?cid=” intext:”Toys”

inurl:”.php?cat=”

inurl:”.php?cat=” intext:”shopping”

inurl:”.php?cat=” intext:”add to cart”

inurl:”.php?cat=” intext:”Buy Now”

inurl:”.php?cat=” intext:”View cart”

inurl:”.php?cat=” intext:”boutique”

inurl:”.php?cat=” intext:”/store/”

inurl:”.php?cat=” intext:”/shop/”

inurl:”.php?cat=” intext:”Toys”

inurl:”.php?catid=”

inurl:”.php?catid=” intext:”View cart”

inurl:”.php?catid=” intext:”Buy Now”

inurl:”.php?catid=” intext:”add to cart”

inurl:”.php?catid=” intext:”shopping”

inurl:”.php?catid=” intext:”boutique”

inurl:”.php?catid=” intext:”/store/”

inurl:”.php?catid=” intext:”/shop/”

inurl:”.php?catid=” intext:”Toys”

Just type in “inurl:” before these dorks:

merchandise/index.php?cat=

productlist.asp?catalogid=

Category.asp?category_id=

Category.cfm?category_id=

category.asp?cid=

category.cfm?cid=

category.asp?cat=

category.cfm?cat=

category.asp?id=

index.cfm?pageid=

category.asp?catid=

Category.asp?c=

Category.cfm?c=

productlist.cfm?catalogid=

productlist.asp?catalogid=

viewitem.asp?catalogid=

viewitem.cfm?catalogid=

catalog.cfm?catalogId=

catalog.asp?catalogId=

department.cfm?dept=

department.asp?dept=

itemdetails.cfm?catalogId=

itemdetails.asp?catalogId=

product_detail.asp?catalogid=

product_detail.cfm?catalogid=

product_list.asp?catalogid=

product_list.cfm?catalogid=

ShowProduct.cfm?CatID=

ShowProduct.asp?CatID=

search_results.cfm?txtsearchParamCat=

search_results.asp?txtsearchParamCat=

itemdetails.cfm?catalogId=

itemdetails.asp?catalogId=

store-page.cfm?go=

store-page.asp?go=

Detail.cfm?CatalogID=

Detail.asp?CatalogID=

browse.cfm?category_id=

view.cfm?category_id=

products.cfm?category_id=

index.cfm?Category_ID=

detail.cfm?id=

category.cfm?id=

showitems.cfm?category_id=

ViewProduct.asp?PID=

ViewProduct.cfm?PID=

shopdisplayproducts.asp?catalogid=

shopdisplayproducts.cfn?catalogid=

displayproducts.cfm?category_id=

displayproducts.asp?category_id=

DisplayProducts.asp?prodcat=

DisplayProducts.cfm?prodcat=x

productDetail.cfm?ProductID=

products.php?subcat_id=

showitem.cfm?id=21

productdetail.cfm?pid=

default.cfm?action=46

products_accessories.asp?CatId=

Store_ViewProducts.asp?Cat=

category.cfm?categoryID=

category.asp?category=

tepeecart.cfm?shopid=

view_product.asp?productID=

ProductDetails.asp?prdId=12

products.cfm?ID=

detail.asp?product_id=

product_detail.asp?product_id=

products.php?subcat_id=

product.php?product_id=

view_product.cfm?productID=

product_details.asp?prodid=

shopdisplayproducts.cfm?id=

displayproducts.cfm?id=

jjjj