Tag Archives: XSS

Unibomber tool for specialized XSS testing

At Black Hat I’m planning to demo a new tool we’ve been putting together at Casaba Security. It’s mostly a brute force input testing tool right now, aimed at finding cross-site scripting (XSS) bugs but with a unique set of …

Posted in testing, tools

Advisory: Adobe Air 1.1 JavaScript execution security vulnerability

Adobe released a patch and bulletin for an issue I reported back in May. The issue is really in WebKit, and many products seem to be affected. A vulnerability has been identified in Adobe AIR 1.1 and earlier that could …

Posted in JavaScript, Unicode, advisory, cross site scripting, testing

Advisory: BOM’ing Firefox’s Javascript Interpreter

Damage: Filter evasion, cross-site scripting
Exploit: Insert the Unicode byte order mark (BOM) U+FEFF into JavaScript statements to bypass filters.
Root cause: character absorption/swallowing
Product version: Firefox 3.01 and earlier
Link to Mozilla advisory: http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

Well, admittedly this one seems to …

Posted in advisory, cross site scripting

Advisory: Attack of the Mongolian space evaders! (and other Medieval XSS vectors)

Damage: Filter evasion, cross-site scripting
Exploit: Bypass XSS filters, IPS/IDS, AV, or WAFs with specially crafted white-space characters to execute XSS attacks.
Root cause: interpreting syntax replacements
Product version: Opera 9.51 and earlier

Or should we call this “Druidic magical …

Posted in Unicode, advisory, browser, cross site scripting
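The two advisories above share one root cause: the filter and the browser disagree about which characters are white space and which are silently absorbed. The following is an added example (not code from either advisory) that shows an ASCII-only signature missing payloads padded with U+FEFF or exotic Unicode white space, and a normalization step that closes the gap before matching. The signature, the character lists and the test vectors are constructed for the example; the lists are an illustration, not an inventory of any one browser's lexer.

```javascript
// Added example: ASCII-only XSS signature vs. Unicode-aware normalization.
// Everything here is constructed for illustration.

// A signature that only knows ASCII white space, in the style of many
// WAF/IDS rules of the era.
const NAIVE_SIG = /alert[ \t\r\n]*\(/i;

function naiveFilter(input) {
  return NAIVE_SIG.test(input);
}

// Format characters a lenient JavaScript lexer might drop ("absorb"):
// BOM, zero-width space/non-joiner/joiner, word joiner. (Assumed list.)
const ABSORBED = /[\uFEFF\u200B-\u200D\u2060]/g;

// Characters some engines have treated as white space but an ASCII class
// does not cover: NEL, NBSP, OGHAM SPACE, U+180E MONGOLIAN VOWEL SEPARATOR,
// the EN/EM space family, LINE/PARAGRAPH SEPARATOR, NNBSP, MMSP,
// IDEOGRAPHIC SPACE. (Assumed list.)
const UNICODE_WS = /[\u0085\u00A0\u1680\u180E\u2000-\u200A\u2028\u2029\u202F\u205F\u3000]/g;

// Canonicalize the way the lenient consumer would: drop absorbed
// characters, map every Unicode space to a plain ASCII space.
function normalize(input) {
  return input.replace(ABSORBED, '').replace(UNICODE_WS, ' ');
}

function hardenedFilter(input) {
  return NAIVE_SIG.test(normalize(input));
}

// Constructed test vectors modelled on the two vectors described above.
const VECTORS = {
  plain:       'alert(1)',
  bom:         'al\uFEFFert(1)',   // BOM inside the identifier
  bomSpace:    'alert\uFEFF(1)',   // BOM between identifier and paren
  mongolian:   'alert\u180E(1)',   // U+180E as the "space"
  ideographic: 'alert\u3000(1)',   // U+3000 IDEOGRAPHIC SPACE
};

// Returns, per vector, whether each filter flags it.
function evaluate(vectors = VECTORS) {
  const out = {};
  for (const [name, v] of Object.entries(vectors)) {
    out[name] = { naive: naiveFilter(v), hardened: hardenedFilter(v) };
  }
  return out;
}

console.log(JSON.stringify(evaluate(), null, 2));
```

The point of `normalize` is not the exact character list but the order of operations: canonicalize with the same rules the downstream interpreter applies, then match. A signature tuned without that step will be evaded by whichever code point the next browser decides to swallow.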

Browser user-agents and variable-width utf-8 encoding issues

Table 3.1B from Corrigendum #1: UTF-8 Shortest Form provides the basis for some interesting test cases. Hopefully I’ll have something to report about this soon. In the meantime John Hernandez and I are structuring tests across all browsers to …

Posted in Unicode, browser, cross site scripting
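The shortest-form rule referenced above is what separates a conforming decoder from one that can be fed an overlong `<`. The following is an added example (not code from the post) with two decoders side by side: a strict one that enforces the well-formed byte ranges from the Unicode standard's table, and a lenient one that does not, so that the bytes `C0 BC` become `<`. The `<script>` sample bytes and the raw-byte filter are constructed for the example.

```javascript
// Added example: strict vs. lenient UTF-8 decoding of overlong sequences.
// Byte ranges in utf8Sequences follow the Unicode well-formed table;
// the sample input and the filter are constructed for illustration.

const hex = (n) => n.toString(16).toUpperCase().padStart(4, '0');

// Strict decoder: rejects overlong forms, surrogates, out-of-range values
// and bad lead/continuation bytes. Returns {ok, reason, codePoints}.
function utf8Sequences(bytes) {
  const cps = [];
  let i = 0;
  while (i < bytes.length) {
    const b0 = bytes[i];
    let need, min, cp;
    if (b0 < 0x80) { cps.push(b0); i += 1; continue; }
    else if (b0 >= 0xC2 && b0 <= 0xDF) { need = 1; cp = b0 & 0x1F; min = 0x80; }
    else if (b0 >= 0xE0 && b0 <= 0xEF) { need = 2; cp = b0 & 0x0F; min = 0x800; }
    else if (b0 >= 0xF0 && b0 <= 0xF4) { need = 3; cp = b0 & 0x07; min = 0x10000; }
    else return { ok: false, reason: `invalid lead byte 0x${b0.toString(16)} at ${i}`, codePoints: cps };
    if (i + need > bytes.length - 1) return { ok: false, reason: `truncated sequence at ${i}`, codePoints: cps };
    for (let k = 1; k <= need; k++) {
      const b = bytes[i + k];
      if ((b & 0xC0) !== 0x80) return { ok: false, reason: `bad continuation byte at ${i + k}`, codePoints: cps };
      cp = (cp << 6) | (b & 0x3F);
    }
    if (cp < min) return { ok: false, reason: `overlong encoding of U+${hex(cp)} at ${i}`, codePoints: cps };
    if (cp >= 0xD800 && cp <= 0xDFFF) return { ok: false, reason: `surrogate U+${hex(cp)} at ${i}`, codePoints: cps };
    if (cp > 0x10FFFF) return { ok: false, reason: `out of range at ${i}`, codePoints: cps };
    cps.push(cp);
    i += need + 1;
  }
  return { ok: true, reason: '', codePoints: cps };
}

// Lenient decoder: decodes by bit-shifting without the shortest-form
// check. This is the behaviour that turns C0 BC into '<'.
function lenientDecode(bytes) {
  let out = '';
  let i = 0;
  while (i < bytes.length) {
    const b0 = bytes[i];
    let need = 0, cp = b0;
    if (b0 >= 0xC0 && b0 <= 0xDF) { need = 1; cp = b0 & 0x1F; }
    else if (b0 >= 0xE0 && b0 <= 0xEF) { need = 2; cp = b0 & 0x0F; }
    else if (b0 >= 0xF0 && b0 <= 0xF7) { need = 3; cp = b0 & 0x07; }
    for (let k = 1; k <= need && i + k < bytes.length; k++) cp = (cp << 6) | (bytes[i + k] & 0x3F);
    out += String.fromCodePoint(cp);
    i += need + 1;
  }
  return out;
}

// A filter that inspects the raw bytes (as Latin-1) for '<script'.
function rawAsciiFilter(bytes) {
  return /<script/i.test(String.fromCharCode(...bytes));
}

// Constructed sample: "<script>" with '<' (0x3C) and '>' (0x3E) each
// encoded as an overlong two-byte sequence.
const OVERLONG_SCRIPT = Uint8Array.from([
  0xC0, 0xBC, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0xC0, 0xBE,
]);

console.log('strict  :', utf8Sequences(OVERLONG_SCRIPT));
console.log('lenient :', lenientDecode(OVERLONG_SCRIPT));
console.log('filter  :', rawAsciiFilter(OVERLONG_SCRIPT));
```

The test cases that fall out of the table are the three overlong encodings of one character (`C0 AF`, `E0 80 AF`, `F0 80 80 AF`), an encoded surrogate (`ED A0 80`) and a value above U+10FFFF (`F4 90 80 80`); a decoder that accepts any of them gives an attacker a second spelling of every ASCII metacharacter.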

Firefox renders xmlns xhtml in favor of XSS

My colleague John Hernandez showed me this trick the other day, which has proven useful as an exploit in many cases. If the site returns XML with a Content-Type: text/xml, you’d normally think there’s not much script injection potential. However …

Posted in Web, security

Internet Explorer whitespace-as-comment hack to bypass input filters

When testing for XSS (cross-site scripting) issues, you often need to bypass filters and perform different sorts of encodings and other trickery. To be a good tester you also need to know how the browsers you’re concerned with behave differently. …

Posted in Web, browser, testing

IIS 6.0 %uNNNN unicode notation in the URL

I do a lot of web app pen testing. Character encoding is always an important part of many input validation test cases. Some people don’t realize that IIS takes straight Unicode notation in the URL by default. So you can …

Posted in Web, testing
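As an added example (not code from the post), the following shows what the `%uNNNN` notation decodes to and why a validator that only understands `%XX` sees nothing suspicious in it. The decoder treats `%XX` runs as UTF-8 bytes and `%uNNNN` as a UTF-16 code unit, which is the JavaScript `escape()` convention; the sample request path and the validator are constructed for the example, and the claim that the server accepts the notation is the one the post makes.

```javascript
// Added example: %XX-only validation vs. a decoder that also accepts %uNNNN.
// The sample path and the validator are constructed for illustration.

// True only if s has exactly `len` hex digits starting at `start`.
function hexRun(s, start, len) {
  const run = s.slice(start, start + len);
  return run.length === len && /^[0-9a-fA-F]+$/.test(run);
}

// Percent-decoder. %XX runs are collected as bytes and decoded as UTF-8;
// %uNNNN (when allowed) yields the UTF-16 code unit NNNN directly.
function decodeUrl(s, { allowUnicodeEscape }) {
  const dec = new TextDecoder('utf-8');
  let out = '';
  let pending = [];
  const flush = () => {
    if (pending.length) { out += dec.decode(Uint8Array.from(pending)); pending = []; }
  };
  for (let i = 0; i < s.length; ) {
    if (s[i] === '%' && allowUnicodeEscape && s[i + 1] === 'u' && hexRun(s, i + 2, 4)) {
      flush();
      out += String.fromCharCode(parseInt(s.slice(i + 2, i + 6), 16));
      i += 6;
    } else if (s[i] === '%' && hexRun(s, i + 1, 2)) {
      pending.push(parseInt(s.slice(i + 1, i + 3), 16));
      i += 3;
    } else {
      flush();
      out += s[i];
      i += 1;
    }
  }
  flush();
  return out;
}

// A validator that decodes %XX only, then looks for markup characters.
function validatorSeesMarkup(rawPath) {
  return /[<>]/.test(decodeUrl(rawPath, { allowUnicodeEscape: false }));
}

// What a server that honours %uNNNN hands to the application.
function serverSees(rawPath) {
  return decodeUrl(rawPath, { allowUnicodeEscape: true });
}

// Constructed sample: the same payload in both spellings.
const SAMPLE_U = '/search.aspx?q=%u003Cscript%u003Ealert(1)%u003C/script%u003E';
const SAMPLE_XX = '/search.aspx?q=%3Cscript%3Ealert(1)%3C/script%3E';

for (const p of [SAMPLE_XX, SAMPLE_U]) {
  console.log(p);
  console.log('  validator flags it:', validatorSeesMarkup(p));
  console.log('  server decodes to :', serverSees(p));
}
```

The fix on the validation side is the same one that applies to every encoding issue on this page: canonicalize with the decoder the server actually uses, then validate the result, rather than pattern-matching the wire form.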