はてなブックマーク

If you are here because you thought the title meant Return Oriented Programming (ROP), then sorry for the clickbait. I wanted to introduce a techninque to help exploit Relative Path Overwrite (RPO) when XSS is not an option by chaining "gadgets". This will be the first part of the series of me exploiting RPO against Google's services. Since this is an advanced topic, readers are expected to have f

A few days ago, I made a poll on Twitter to see what people think is the worst setting for the XSS filter/auditor. The results are very surprising: Which header setting of XSS filter/auditor do you think is the worst? — File Descriptor (@filedescriptor) March 17, 2016 In short, the worst goes to X-XSS-Protection: 0, followed by X-XSS-Protection: 1; mode=block, and finally X-XSS-Protection: 1 being

This blog post is a write-up of CVE-2015-1287 and CVE-2015-5826 Prologue If you are a boring person like me and read specs in spare time, you may have come across this potential attack described by the CSP 2 spec: [..] if the user agent uses a lax CSS parsing algorithm, an attacker might be able to trick the user agent into accepting malicious "stylesheets" hosted by an otherwise trustworthy origi

Status: Fixed (as of Jan 13, 2016) Recently a Universal Cross-Site Scripting(UXSS) vulnerability (CVE-2015-0072) was disclosed on the Full Disclosure mailing list. This unpatched 0day vulnerability discovered by David Leo results in a full bypass of the Same-Origin Policy(SOP) on the latest version of Internet Explorer. This article will briefly explain the technical details behind the vulnerabili