In this post, I would like to share an XSS attack using IE's XSS filter. This issue was fixed in the December patch by Microsoft (CVE-2015-6144 / CVE-2015-6176).
I spoke about this topic at the Japanese info-sec conference called CODE BLUE. You can find my name here. In my presentation, I talked only about the concept and didn't touch on the details of the attack techniques because it was not fixed at that time.
Today, I can finally release hidden slides! Yeah!
The real X-XSS-Nightmare slides are the following.
Some attack vectors which I have reported are not fixed yet. So, I had to remove some slides :p
You can reproduce some PoCs from this page:
http://l0.cm/xxn/
I hope you will enjoy it!