News Feed
Jobs Feed
Sections




News Archive
Gareth Heyes:
Bypassing XSS Auditor
by Chris Cornutt February 20, 2013 @ 11:21:29

Gareth Heyes has posted about some bypasses that he's found for getting around the XSS Auditor functionality in some browsers:

I had a look at XSS Auditor for a bit of fun because Mario said it's getting harder to bypass. Hmmm I don't agree. I seem to remember the same flaws are present from the last time I checked it with a little variation. It is also a very limited XSS filter not supporting detection of script based attacks (very common).

He includes three of his own bypasses - using a "formaction" on the submit input in a form, using "target" to override the iframe external resource restriction and the injection of a specially placed anchor tag. Each of these comes with a proof-of-concept example and another is also included courtesy of Mario Heiderich.

0 comments voice your opinion now!
bypass xssauditor browser xss protection proofofconcept poc


blog comments powered by Disqus

Similar Posts

Douglas Brown's Blog: Three Important Tips to Write PHP Code Defensively

Frikk.tk: How to make your own CAPTCHA protection using PHP

Leaseweb Labs Blog: POC: Flexible PHP Output Caching

DevShed: Tracking Website Statistics with PHP

Total PHP: Browser based template editor


 Community Events











Don't see your event here?
Let us know!

introduction community testing zendframework2 series usergroup language rest conference functional database example phpunit framework opinion interview podcast release symfony2 development

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework