Wednesday, December 16, 2015

X-XSS-Nightmare: XSS Attacks Exploiting XSS Filter

In this post, I would like to share XSS attack using IE's XSS filter. This issue was fixed in the December patch by Microsoft. (CVE-2015-6144 / CVE-2015-6176)

I spoke about this topics in the Japanese info-sec conference called CODE BLUE. You can find my name here. In my presentation, I talked about only the concept and I didn't touch details of attack techniques because it was not fixed at that time. 

Today, I can finally release hidden slides! Yeah!
The real X-XSS-Nightmare slides is the following.



Some attack vectors which I have reported are not fixed yet. So, I had to remove some slides :p

You can reproduce some PoC from this page:

http://l0.cm/xxn/


I hope you will enjoy it!
Posted by at
Labels: , , , ,

6 comments:

  1. HuongkvNovember 11, 2020 at 5:55 PM

    Aivivu vé máy bay giá rẻ

    giá vé máy bay tết

    vé máy bay đi Mỹ giá bao nhiêu

    vé máy bay đi Pháp giá rẻ

    vé máy bay đi hàn quốc 2 chiều

    giá vé máy bay sang nhật bản

    từ Việt Nam bay sang Anh mất bao lâu

    ReplyDelete
  2. HuongkvFebruary 5, 2021 at 12:13 AM

    Aivivu chuyên vé máy bay, tham khảo

    gia ve may bay di my

    vé máy bay từ los angeles về việt nam

    giá vé máy bay đi Los Angeles

    chuyến bay từ canada về việt nam

    ReplyDelete
  3. jewelrywholesaleDecember 17, 2021 at 6:35 AM

    good article, i like it
    RC airplane

    ReplyDelete
  4. 먹튀검증October 14, 2022 at 11:14 PM

    Pretty! This was 먹튀검증 an extremely wonderful article. Thank you for providing this information.

    ReplyDelete
  5. Nicky MinalFebruary 26, 2025 at 6:39 PM

    Great insights on XSS vulnerabilities! It's crucial to stay updated on security patches like those from Microsoft. As we discuss these technical issues, I can't help but think of how game developers, like those behind Snow rider , must also prioritize security to protect user data. It’s fascinating how different fields intersect with cybersecurity. Looking forward to seeing your hidden slides!

    ReplyDelete
  6. Runa MisasiaMay 22, 2025 at 8:46 PM

    Interesting read! It's fascinating to see how XSS filters, meant to protect users, can themselves become vulnerabilities. It's like trying to secure your house and accidentally leaving the back door unlocked. Makes you wonder about all the potential attack vectors that are still out there, lurking. Reminds me of trying to nail a particularly tricky level in friday night funkin - you think you've got it, then BAM! Unexpected vulnerability. Thanks for sharing the insights!

    ReplyDelete

Subscribe to: Post Comments (Atom)