google / firing-range
License: Apache License 2.0
Hello, I am trying to find a way to perform XSS in style tags. However, it seems to me that unless I rely on deprecated or unfixed features of old browsers like :expression and -moz-binding, the following pages cannot be exploited. Is it true? If so, could you give me a hint on how to exploit them?
The testcases:
/serverside/escapeHtml/css_style
/serverside/escapeHtml/css_style_font_value
/serverside/escapeHtml/css_style_value
/serverside/encodeUrl/css_style
/serverside/encodeUrl/css_style_value
/serverside/encodeUrl/css_style_value
The test cases where, according to the description, the second parameter should be echoed within the HEAD tag are actually echoed inside the BODY tag:
Body - HTML escaped - The parameter is echoed within the main BODY tag.
Body - URL escaped - The parameter is echoed within the main BODY tag.
Head - HTML escaped - The parameter is echoed within the HEAD tag.
Head - URL escaped - The parameter is echoed within the HEAD tag.
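The four sinks listed above differ only in which encoder is applied before the parameter is echoed, so the practical question for a defender is which characters each encoder leaves untouched when the output lands inside a style block. The following Python comparison is an added illustration and not code from the firing-range project; the three encoder functions, the `CSS_METACHARS` set and the sample value are assumptions made for the example, not the project's implementations.

```python
import html
from urllib.parse import quote

# Added example, not firing-range's own code. The encoders below stand in for
# an escapeHtml-style, an encodeUrl-style and a CSS-context escaper; the
# sample input at the bottom is constructed for illustration.

# Characters with structural meaning inside a <style> block: declaration and
# rule delimiters, function parentheses, string quotes and the characters
# that could close the style element itself.
CSS_METACHARS = set(';{}():"\'<>/')


def html_escape(value: str) -> str:
    """HTML entity escaping as an escapeHtml-style sink applies it.
    Only & < > " ' are rewritten; CSS structure characters pass through."""
    return html.escape(value, quote=True)


def url_encode(value: str) -> str:
    """Percent-encoding with no characters exempted (encodeUrl-style sink)."""
    return quote(value, safe="")


def css_escape(value: str) -> str:
    """CSS-context escaping for a value placed inside a quoted CSS string:
    every character outside [A-Za-z0-9] becomes a hex escape (backslash, hex
    digits, then a space so the following character is never absorbed)."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            out.append("\\%x " % ord(ch))
    return "".join(out)


def css_metachars_left(encoded: str) -> set:
    """Which structural CSS characters still appear literally in the output."""
    return CSS_METACHARS & set(encoded)


def compare(value: str) -> dict:
    """Run all three encoders on one value and report, per encoder, the
    CSS metacharacters that survive unchanged."""
    return {
        name: css_metachars_left(fn(value))
        for name, fn in (("escapeHtml", html_escape),
                         ("encodeUrl", url_encode),
                         ("escapeCss", css_escape))
    }


if __name__ == "__main__":
    # Constructed sample: a colour value followed by a declaration terminator
    # and rule braces, the kind of structure a CSS sink must neutralise.
    sample = 'red; } p { color: blue'
    for name, left in compare(sample).items():
        print(f"{name:10s} leaves literally: {sorted(left)}")
```

Running it shows the HTML entity escaper leaving `;`, `{`, `}` and `:` intact, while both the percent-encoder and the CSS hex escaper rewrite them. The report says nothing about exploitability of a given browser; it only makes visible which encoder matches the context the value is written into, which is the property a defender wants to check when reviewing such a sink.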
Hello,
I am trying to deploy firing-range on GAE however I'm running into issues.
First, trying to deploy as "gcloud deploy app" I get this error:
Error: Server Error
The server encountered an error and could not complete your request.
Please try again in 30 seconds.
Second, trying to deploy as "mvn deploy: appengine" runs into many errors, such as there not being a pom file. Therefore I created the pom file but still got errors such as:
[ERROR] Could not find goal '' in plugin org.apache.maven.plugins:maven-deploy-plugin:2.7 among available goals deploy-file, help, deploy -> [Help 1]
Every time I sort out an error another comes out, which makes me wonder if I am following the correct way.
Can you provide some steps on how to deploy this app on GAE?
Thank you
https://github.com/jesuscmartinez/docker-firing-range has a Dockerfile that works, but only up to
commit c7033ad.
I adapted it to use the build context's copy of firing-range:
# Base image with the Java 7 toolchain firing-range used at commit c7033ad
FROM ubuntu:trusty
RUN apt-get update \
    && apt-get install -y -qq wget unzip ant git openjdk-7-jdk \
    && apt-get clean
# Fetch the App Engine Java SDK; firing-range builds as one of its demos
RUN wget https://storage.googleapis.com/appengine-sdks/featured/appengine-java-sdk-1.9.24.zip \
    && unzip appengine-java-sdk-1.9.24.zip \
    && rm appengine-java-sdk-1.9.24.zip
WORKDIR appengine-java-sdk-1.9.24/demos/firing-range
# Copy the build context's checkout of firing-range into the demo directory
COPY build.xml build.xml
COPY src src
COPY WEB-INF WEB-INF
EXPOSE 8080
# Bind the dev server to all interfaces so the container port is reachable
CMD ["sh", "-c", "ant -Daddress=0.0.0.0 runserver && while true; do sleep 10000; done"]
The next commit, fe45c38, ported firing-range to java 8, and I couldn't figure out how to get firing-range working with that in Docker. My experience with Java predates ant... and I'm allergic to xml :-)
Need challenges for some of the below-mentioned list
https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval
https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval
https://public-firing-range.appspot.com/address/location.hash/documentwrite
Please provide solutions for the URLs mentioned above; it will be a great help from your side.
thanks and regards
Hi,
Can you please let me know where I can find the solutions for these challenges?
Original report: #15 (comment)
"The problem seems to be that in the local instance a / gets appended after the /tags path. I'm using Java 8 and appengine-java-sdk-1.9.54."
Hello,
I am struggling to exploit some of the challenges. Can you provide the solutions for them? It would be really helpful for me to learn and understand the advanced-level XSS challenges, as I solved all of the Reflected XSS module but I am struggling with the EscapedXSS module.
When running 'ant runserver' on Mac OSX 10.13.4 I get multiple instances of the following error:
[enhance] Apr. 10, 2018 12:29:57 VORM. org.datanucleus.enhancer.DataNucleusEnhancer addMessage
[enhance] SCHWERWIEGEND: An error occured for ClassEnhancer "ASM" when trying to call the method "org.datanucleus.enhancer.asm.ASMClassEnhancer" on class "getClassNameForFileName" : null
[enhance] java.lang.IllegalArgumentException
[enhance] at org.objectweb.asm.ClassReader.<init>(ClassReader.java:170)
[enhance] at org.objectweb.asm.ClassReader.<init>(ClassReader.java:153)
[enhance] at org.objectweb.asm.ClassReader.<init>(ClassReader.java:424)
[enhance] at org.datanucleus.enhancer.asm.ASMClassEnhancer.getClassNameForFileName(ASMClassEnhancer.java:155)
[enhance] at jdk.internal.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
[enhance] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[enhance] at java.base/java.lang.reflect.Method.invoke(Method.java:564)
[enhance] at org.datanucleus.enhancer.DataNucleusEnhancer.getClassNameForFilename(DataNucleusEnhancer.java:920)
[enhance] at org.datanucleus.enhancer.DataNucleusEnhancer.getFileMetadataForInput(DataNucleusEnhancer.java:736)
[enhance] at org.datanucleus.enhancer.DataNucleusEnhancer.enhance(DataNucleusEnhancer.java:545)
[enhance] at org.datanucleus.enhancer.DataNucleusEnhancer.main(DataNucleusEnhancer.java:1252)
[enhance] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[enhance] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[enhance] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[enhance] at java.base/java.lang.reflect.Method.invoke(Method.java:564)
[enhance] at com.google.appengine.tools.enhancer.Enhancer.execute(Enhancer.java:74)
[enhance] at com.google.appengine.tools.enhancer.Enhance.<init>(Enhance.java:70)
[enhance] at com.google.appengine.tools.enhancer.Enhance.main(Enhance.java:50)
I am using the following Java version:
$ java --version
java 10 2018-03-20
Java(TM) SE Runtime Environment 18.3 (build 10+46)
Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10+46, mixed mode)
You can find the full log attached,
log.log
The public-firing-range is several versions old and a new version needs to be pushed. Note for example the difference between what is checked into the repo and what's hosted at public-firing-range.appspot.com/dom - specifically the lack of external script loading toxicdomscripts tests.
https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/?q=foo and others in the same section yield "Invalid location of the vulnerable parameter." and they should be showing something completely different.
Example: https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a
Our ZAP regression tests are failing ;)
https://github.com/zapbot/zap-mgmt-scripts/runs/6977470176?check_suite_focus=true
Hi, could you please push the 0.47 version of firing range that is also deployed at https://public-firing-range.appspot.com/? Or is it not intended to be public?
The version on github is still 0.46.
Is there a place where we can find an exhaustive list of all the vulnerabilities exposed by firing-range?
I wanted to compare the result found by some tools with the reality and opening the vulnerabilities pages one by one is quite time consuming.
Thanks,
In all the external toxicdom tests, eg /dom/toxicdom/external/localStorage/array/eval the path to the toxicdomscripts/ servlet is wrong and breaks.
I have been trying to perform XSS for serverside URL encoding challenges like https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name but I cannot bypass the encoding. Can I get some help regarding this?