Hey, I got a 403 while attempting to visit the URL.
Error 403 demofaast.elevenpaths.com <http://demofaast.elevenpaths.com:9002/> Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19 Thanks, Pedro 2014/1/22 vu...@11paths.com <vu...@11paths.com> > Modern browsers usually have an antiXSS filter, that protects users from > some of the consequences of this kind of attacks. Normally, they block > cross site scripting execution, so the "injected" code (normally, > JavaScript or HTML) is not executed inside victim's browser. Chrome calls > this filter XSSAuditor. > > > But if the victim visits a website with an XSS problem that an attacker is > trying to take advantage of, it would not be fully protected. This bug > is based on a misuse of srcdoc attribute of IFRAME tag, included > in HTML5 definition. To perform an XSS attack on Google Chrome > Browser or Safari using this bug, the website must include an IFRAME > and must be able to read any attribute of this element from HTTP parameters > (GET/POST) without applying any charset filter. Then, in the IFRAME > parameter, the srcdoc attribute may be included with JavaScript > code. The browser cannot filter it and will be executed. > > > An HTML injection on src parameter would be: > > > iframe src=""srcdoc="<script>alert('Bypass message')</script>" > > > For a proof of concept, visit: > > > > http://demofaast.elevenpaths.com:9002/xssbypass/iframebypass.php?iframe=%22srcdoc=%22%3Cscript%3Ealert('Bypass%20message')%3C/script%3E > > > The problem was reported in October, the 23rd. They fixed it two days > later, making XSSAuditor catch reflected srcdoc properties even without an > "IFRAME" tag injection. Chrome has just fixed it in recent 32.0.1700.76 > version. > > > Safari for Mac and iPhone is vulnerable as well. > > > > This weakness has been discovered by Ioseba Palop from Eleven Paths ( > ioseba.pa...@11paths.com). Full samples and detailed explanation here: > http://blog.elevenpaths.com/2014/01/how-to-bypass-antixss-filter-in-chrome.html > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- GPG: http://is.gd/droope <http://is.gd/signature_>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/