Skip to main content

Posts

Showing posts from August, 2017

Xssing Web Part - 2

Xssing Web With Unicodes Hello friends,  This is the second part of "Xssing Web". In this post I would show how to abuse unicodes to bypass XSS filters.  BTW if you want to check previous part click here . Note : If you think there are any mistakes in this post then kindly mention it in comments. I have developed several XSS challenges to show how unicodes can be used to bypass filters. If you want to try those challenges first then click here , get back here if you couldn't solve any. Abusing Unicode : So what is Unicode? -> Unicode is nothing but the encoding standard. It  defines  UTF-8 ,  UTF-16 , UTF-32 , etc encodings. 1) UTF-8 : Characters Size : 1 byte to 4 byte Example : Character "A" => 0x41 Character "¡"  => 0xC2 0xA1 Character "ಓ" => 0xE0 0xB2 0x93 Character "𪨶" => 0xF0 0xAA 0xA8 0xB6 2) UTF-16 : Character Size : 2 byte However in UTF-16 there are two...