Wednesday, December 16, 2015

X-XSS-Nightmare: XSS Attacks Exploiting XSS Filter

In this post, I would like to share XSS attack using IE's XSS filter. This issue was fixed in the December patch by Microsoft. (CVE-2015-6144 / CVE-2015-6176)

I spoke about this topics in the Japanese info-sec conference called CODE BLUE. You can find my name here. In my presentation, I talked about only the concept and I didn't touch details of attack techniques because it was not fixed at that time. 

Today, I can finally release hidden slides! Yeah!
The real X-XSS-Nightmare slides is the following.



Some attack vectors which I have reported are not fixed yet. So, I had to remove some slides :p

You can reproduce some PoC from this page:

http://l0.cm/xxn/


I hope you will enjoy it!
Posted by at
Labels: , , , ,

6 comments:

  1. HuongkvNovember 11, 2020 at 5:55 PM

    Aivivu vé máy bay giá rẻ

    giá vé máy bay tết

    vé máy bay đi Mỹ giá bao nhiêu

    vé máy bay đi Pháp giá rẻ

    vé máy bay đi hàn quốc 2 chiều

    giá vé máy bay sang nhật bản

    từ Việt Nam bay sang Anh mất bao lâu

    ReplyDelete
  2. HuongkvFebruary 5, 2021 at 12:13 AM

    Aivivu chuyên vé máy bay, tham khảo

    gia ve may bay di my

    vé máy bay từ los angeles về việt nam

    giá vé máy bay đi Los Angeles

    chuyến bay từ canada về việt nam

    ReplyDelete
  3. jewelrywholesaleDecember 17, 2021 at 6:35 AM

    good article, i like it
    RC airplane

    ReplyDelete
  4. 먹튀검증October 14, 2022 at 11:14 PM

    Pretty! This was 먹튀검증 an extremely wonderful article. Thank you for providing this information.

    ReplyDelete
  5. PamelaJanuary 20, 2025 at 5:31 PM

    Great insights on XSS vulnerabilities! It's crucial to stay updated on security patches like the December fix from Microsoft. For those looking to unwind after diving into such technical topics, I recommend checking out Funny Shooter 2

    ReplyDelete
  6. Nicky MinalFebruary 26, 2025 at 6:39 PM

    Great insights on XSS vulnerabilities! It's crucial to stay updated on security patches like those from Microsoft. As we discuss these technical issues, I can't help but think of how game developers, like those behind Snow rider , must also prioritize security to protect user data. It’s fascinating how different fields intersect with cybersecurity. Looking forward to seeing your hidden slides!

    ReplyDelete

Subscribe to: Post Comments (Atom)