Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Working Chrome vectors
Posted by: asilvermtzion
Date: September 16, 2012 08:19AM

Been out of the loop for a while, looks like the mainstream browsers have upped their game in terms of reflective XSS filters since I last looked, in particular I'm struggling to get anything working with Chrome as it removes any onerror, onmouseover attributes, strips anything within script tags, I saw some recent challenges that were using multiple inputs to fool the filters, is that what it takes nowadays to get execution from reflective vulnerabilities?

Options: ReplyQuote
Re: Working Chrome vectors
Posted by: asilvermtzion
Date: September 16, 2012 08:57AM

Not to worry, I found something to work with, looks like SVG is a particularly fruitful area.

Options: ReplyQuote


Sorry, only registered users may post in this forum.