Another XSS auditor bypass
Source: Internet. Editor: 程序博客网. Time: 2024/06/14 04:18
This bug is similar to the last one I posted but executes in a different context. It requires an existing script after the injection because we use it to close the injected script. It's a shame Chrome doesn't support self-closing scripts in HTML or within an SVG element because I'm pretty sure I could bypass it without using an existing script. Anyway, the injection uses a data URL with a script. In order to bypass the filter we need to concatenate the string with the quote from the attribute or use HTML entities such as &sol;&sol;. The HTML parser doesn't care how much junk is between the opening and closing script since we are using a src attribute.
http://challenge.hackvertor.co.uk/script3.php?x=%22%3E%3Cscript/src=data:,alert(1)%26sol;%26sol;
http://challenge.hackvertor.co.uk/script3.php?x=%22%3E%3Cscript/src=data:,alert(1)%2b%22
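Added example, not part of the original post: a Python check showing that HTML-encoding the reflected value, rather than relying on the auditor, removes the injected element. It runs the two x= values from the URLs above through an assumed reflection template and lists the script src values an HTML parser sees with and without encoding. The markup of script3.php is not shown in the post, so TEMPLATE and all function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# The x= values from the two URLs in the post, still percent-encoded.
PAGE_PARAMS = [
    "%22%3E%3Cscript/src=data:,alert(1)%26sol;%26sol;",
    "%22%3E%3Cscript/src=data:,alert(1)%2b%22",
]

# Assumed reflection point (hypothetical; script3.php's markup is not in the post):
# a quoted attribute value, followed later by one of the page's own scripts.
TEMPLATE = '<input name="x" value="{x}">\n<script>var page = 1;</script>'


class ScriptSrcCollector(HTMLParser):
    """Records the entity-decoded src of each <script> start tag (None if absent)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))


def script_sources(markup):
    collector = ScriptSrcCollector()
    collector.feed(markup)
    collector.close()
    return collector.sources


def render(raw_param, encode):
    """Reflect the decoded parameter, optionally HTML-encoding it first."""
    value = unquote(raw_param)
    if encode:
        value = escape(value, quote=True)  # & < > " ' become entities
    return TEMPLATE.format(x=value)


def audit(raw_param):
    """Return (script srcs with raw reflection, script srcs with encoding)."""
    return (script_sources(render(raw_param, False)),
            script_sources(render(raw_param, True)))


if __name__ == "__main__":
    for param in PAGE_PARAMS:
        print(unquote(param), "->", audit(param))
```

With raw reflection the parser reports a single script whose src ends in the quote borrowed from the attribute, and the page's own script is consumed as that element's body. With encoding, only the page's inline script (src None) remains.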