All Questions
25 questions
0 votes, 0 answers, 122 views
Are there any html Sanitizer() API configs that allow javascript execution?
I'm talking specifically about the HTML Sanitizer API: https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
The API allows you to configure the sanitizer with a list of allowed elements ...
2 votes, 1 answer, 234 views
Is an XSS attack possible under these constraints?
The output is:
<img src="http://example.com/[input]" oncontextmenu="openUrl('http://example.com/[input]')">
Where [input] is the user input, which is sanitised through this ...
1 vote, 0 answers, 628 views
Are web worker / service worker secure environments to store a password, credit card information, access tokens?
If there is a case where I wish to store sensitive data like a password, credit card information, or access tokens:
Are web workers / service workers a secure environment, where such data can not be ...
2 votes, 1 answer, 556 views
Is it safe to let the user name an object key in JavaScript?
Recently I found a piece of code that takes input from the URL. The input then gets saved into a JavaScript object:
https://website.com/?foo=bar
var x = {"foo": "bar"};
While the value doesn't ...
3 votes, 0 answers, 455 views
Sandboxing untrusted JavaScript execution by redeclaring variables
Some irrelevant background (read only if you want to say "no, just use an iframe")
Scenario
Suppose that I downloaded a string jsCode containing arbitrary JavaScript code from a (potentially ...
0 votes, 1 answer, 2k views
How does the browser parse escape characters in JavaScript (XSS)?
I am new to XSS attacks. Recently, I was doing a project and found that one of my input fields (website) is vulnerable to an XSS attack. The value in the website field is inserted into the href of an anchor tag ...
9 votes, 1 answer, 4k views
MIME types that allow XSS in modern browsers
Assume that it is possible to host arbitrary files on goodguys.com, which are delivered with an attacker-controlled MIME type and X-Content-Type-Options=nosniff. Which MIME types allow for XSS when ...
3 votes, 1 answer, 7k views
How secure is HTML5 web storage (sessionStorage and localStorage)?
I'm thinking of using either sessionStorage or localStorage to store some important user data.
The extension's functionality will only work in the context of a particular website that defaults to ...
8 votes, 3 answers, 2k views
Did XSS reach its end-of-life with the introduction of the HTTP X-XSS-Protection header?
With the introduction of the HTTP X-XSS-Protection header it seems to me that the vulnerability impact (read: amount of possibly affected users with modern browsers) is drastically reduced.
Firstly, ...
5 votes, 1 answer, 319 views
Why don't web templating frameworks HTML escape all data by default?
I recently discovered an XSS vulnerability in an application that uses JSP to render pages. The vulnerable code in the JSP was something like this:
<td>${customer.notes}</td>
It was ...
5 votes, 2 answers, 16k views
XSS vectors in img src and background-image url
I'm a little confused about XSS vulnerabilities when serving img.src and background url. From what I understand, the only way to execute javascript in this case, is to use javascript protocol. Let's ...
1 vote, 1 answer, 526 views
XSS Page Cannot be Displayed
When I try XSS on various websites, such as inserting " onmouseover="alert(1) in a search box, I either get a message saying You don't have permission to access this page or This page cannot be ...
-2 votes, 1 answer, 189 views
Clicking a lot of website links in Google Maps, then sent through multiple URL redirects, and lastly to a page that made my laptop start beeping?
I was in Google maps clicking on all the website links listed in the side panel, looking at every website really fast. Note, they were all tattoo parlors. One of the links I clicked bounced me through ...
4 votes, 4 answers, 191 views
Would an official <disablescripts> HTML (6?) element/wrapper combat XSS effectively?
Would it not be possible to use such a method to wrap areas where user input/output is expected (eg. comment boxes), so that even if a script is successfully injected through regex evasion, the script ...
4 votes, 3 answers, 3k views
HOW is the malicious URL/payload delivered to the user in a DOM based XSS attack?
Testing for DOM based XSS at OWASP reads:
The first hypothetical example uses the following client side code:
<script>
document.write("Site is at: " + document.location.href + ".");
</...
12 votes, 2 answers, 16k views
How does BeEF work and how can it be persistent?
BeEF - the browser exploitation framework. I think (thought) I had a basic working understanding of how it works. Recently, though, I was watching, this DEFCON talk, where a hacker used a man-in-the-...
0 votes, 1 answer, 241 views
From a security perspective, why not a screenshot api for browser? [closed]
I mean a JavaScript API for capturing a rendered HTML page, or the current viewport, and dumping the content onto an image.
While there are obvious attacks, such as taking screenshot of sensitive information, ...
2 votes, 1 answer, 616 views
XSS: alert() not executed on different OS/computer
I've encountered a strange behavior while I was performing a security audit of a web application. Some user controlled inputs were displaying their values, unencoded, into the page that processed the ...
12 votes, 1 answer, 2k views
XSS Technique - & JavaScript Include
I was looking through the OWASP XSS Filter Evasion Cheat Sheet, and there was one technique that was completely new to me:
& JavaScript includes
<BR SIZE="&{alert('XSS')}">
I tried ...
1 vote, 1 answer, 470 views
Is it safe to call an untrusted service with jquery.ajax and dataType 'jsonp'
From what I understand, the JSON-P technique generates a script tag into the DOM of an HTML page to get across the single-origin restrictions imposed on the XMLHttpRequest JavaScript API for AJAX ...
17 votes, 2 answers, 16k views
UTF-7 XSS attacks in modern browsers
I've recently read Ned Batchelder's article on UTF-7 XSS attacks. I tested his examples, but could not get any UTF-7 attack to work in modern browsers. I tried recent versions of Firefox, Chrome and ...
1 vote, 1 answer, 5k views
bypass a regex filtration to perform an xss attack
Does the regex [\w/$!.*-]+$ stop the injection of payloads like :
"><script>alert(4)</script>
" onload="alert(4)"
...
0 votes, 1 answer, 675 views
some questions about DOM based XSS [closed]
Is it possible to do a DOM based xss attack with window.location.protocol?
How can we use dom based xss with document.title?
How can we bypass the escape javascript function if it is used?
thank you
10 votes, 2 answers, 16k views
DOM Based XSS attacks: what is the most dangerous example?
I knew that XSS attacks (“non-persistent” and “persistent”) can hijack user session, deface websites, conduct phishing attack, etc.
However, I can't understand what is dangerous about DOM Based XSS if ...
16 votes, 6 answers, 7k views
Solution to allow JavaScript input but prevent XSS
We have a simple blog system that allows users to input HTML and JavaScript to build a blog page. I'm aware that allowing JavaScript opens up the door to XSS attacks. We do however need to allow users ...