what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Google Chrome 31.0 Webkit Auditor Bypass

Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
SHA-256 | ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6

Google Chrome 31.0 Webkit Auditor Bypass

Change Mirror Download
# Title: Chrome 31.0 Webkit XSS Auditor Bypass
# Product: Google Chrome
# Author: Rafay Baloch @rafaybaloch And PEPE Vila


============
Description
============

Chrome XSS Auditor is a client side XSS filter used by google chrome
to protect against XSS attacks. Chrome XSS filter has already been beaten
a lot of times and there still exists lots of contexts where it fails.

============
Vulnerability
============

The vulnerability lies in the way people escape certain characters, while
replacing certain characters with characters
that would still yeild a valid javascript syntax. For instance, stripping
out Single quotes, Double quotes etc with - would yield a valid javascript
syntax and since the response won't match the output parameter.

================
Proof of concept
================

The following is a challenge setup by a gentle man with a nick "Strong boi":

http://12342.site11.com/level2.php

The expected solution was to use a well known unfixed bug in chrome and
using both parameters a and b to execute the javascript. However, we
noticed a different behaviour, when we injected an apostrophe. It was being
converted to - and hence yielding a valid syntax and executing the
javascript. So, this would work whenever the server side application
would try replacing special characters to - or anything similar that
would make the syntax valid.

http://12342.site11.com/level2.php?a=%22%3E%3Cscript%3E'alert(0);%3C/script%3E

Output Source:

First search:<input type="text" name="a"
value="<script>1-alert(0);</script>"/><br>
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close