Bypassing Chrome’s Anti-XSS Filter，绕过谷歌浏览器 XSS 过滤器

Hi! Just wanted to share my finding. I’ve found a way to bypass Chrome’s anti-xss filter. This bypass is universal, and it defeats Chrome’s XSSAuditor in all cases!

Description

XSS attacks occur when one website injects JavaScript code into otherwise legitimate requests to another website. The injected script generally attempts to access privileged information. The XSS Filter detects JavaScript in URL and HTTP POST requests. If JavaScript is detected, the XSS Filter searches evidence of reflection. If reflection is detected, the XSS Filter sanitizes the original request so that the additional JavaScript cannot be executed. However, the XSS filter can by bypassed with leading regexp inside svg script tag.

Details

Title: Google Chrome Anti-XSS Filter Bypass
Affected Products: Google Chrome 43.0.2357.124 m (letest stable version)
Discovery Date: 16-06-15
Author: Yosi Ovadia (http://vulnerable.info/)
Payload: 

POC

http://vulnerable.info/poc/poc.php?foo=%3Csvg%3E%3Cscript%3E/%3C1/%3Ealert(document.domain)%3C/script%3E%3C/svg%3E

Reporting

The issue was reported to chromium security team, and was fixed within 5 hours. The team marked it as a significant bypass.

Patch

https://codereview.chromium.org/1187843005/

Revision

http://src.chromium.org/viewvc/blink?view=revision&revision=197282

Best!

from: http://vulnerable.info/browsers/bypassing-chromes-anti-xss-filter/

文章来源于lcx.cc:Bypassing Chrome’s Anti-XSS Filter，绕过谷歌浏览器 XSS 过滤器

相关推荐: 论黑产黑阔如何安全地转移赃款/洗钱？

0x00 背景 相信曾经与黑色产业打过交道的同鞋们对这个话题并不陌生。赃款转移，是黑色产业链中最重要的一环，因为这一环直接与黑阔们的收入息息相关。赃款转移地太过安全，容易产生巨额手续费/汇率而导致收入减少。赃款转移不够安全，容易导致水表被查，也就是那句：有命赚…