Google Chrome 43.0.2357.124 XSS Filter Bypass

CVE            Category   Price   Severity
CVE-2015-1265  CWE-79     N/A     High

Author         Risk       Exploitation Type   Date
Unknown        High       Remote              2015-06-25
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015060154

Below is a copy:

Hi! Just wanted to share my finding. I've found a way to bypass Chrome's anti-XSS filter. This bypass is universal, and it defeats Chrome's XSSAuditor in all cases!

If you find it interesting for you, or for your readers, here are the details:

Description
Reflected XSS occurs when attacker-controlled input in a request to a site is echoed into that site's response without proper output encoding, so script chosen by the attacker runs in the site's origin; the injected script generally tries to access session data or other privileged information. Chrome's XSS Auditor (the "XSS Filter") looks for script in the URL and in HTTP POST request bodies. If it finds script, it searches the response for evidence that the same script is reflected; if reflection is detected, it neutralizes the reflected script so that it cannot execute. The auditor can, however, be bypassed with a leading regular-expression literal inside a script element nested in an svg element: /<1/ is a valid regex literal and the following > a comparison operator, so /<1/>alert(document.domain) is still valid JavaScript that calls alert(), yet the auditor does not block it.

Details
Title: Google Chrome Anti-XSS Filter Bypass
Affected Products: Google Chrome 43.0.2357.124 m (latest stable version at the time of writing)
Discovery Date: 16 June 2015
Author: Yosi Ovadia (http://vulnerable.info/)
Payload: <svg><script>/<1/>alert(document.domain)</script></svg>

POC
http://vulnerable.info/poc/poc.php?foo=%3Csvg%3E%3Cscript%3E/%3C1/%3Ealert(document.domain)%3C/script%3E%3C/svg%3E

Reporting
The issue was reported to the Chromium security team and was fixed within 5 hours. The team marked it as a significant bypass.

Patch
https://codereview.chromium.org/1187843005/

Revision
http://src.chromium.org/viewvc/blink?view=revision&revision=197282

