IE8 xss filter bypass

Posted by admin on 2021-04-03 19:29:06

Note: IE 10 has fixed this issue, and IE8 ...

-------------------------------------------------

1. a tag can also be written as a tag.

     
     
x

The code above will execute the script fragment in the "to" attribute.

Furthermore, we found that this XSS vector, constructed from the three tags ( & ), can bypass the IE8 XSS filter.

------------------------------------------------

POC1: use

http://xsst.sinaapp.com/example/1-1.php?page=
x

while  using will trigger the xss filter to intercept our code.

2. Our code should start with "> when we encounter the  case like : . The "> will trigger the XSS filter, and it will replace some words like 'namespace' and 'attributeName' in our code. My friend @jackmasa (https://twitter.com/jackmasa) (@Sogili in Wooyun.org) gave me a trick to solve the problem: "x> (x represents any letter) cannot trigger the filter.

-------------------------------------------------

POC2:

http://www.53kf.com/product.php?arg=&search="id=>
x

That's all. Thanks for help from my friend jackmasa (@Sogili in Wooyun.org).

Author: Gainover

Group:  PKAV .net & Wooyun.org

From: http://zone.wooyun.org/content/1411

Article source: lcx.cc: IE8 xss filter bypass
