WebKit XSS Auditor

This is a short writeup about a technique I found for turning the WebKit XSS Auditor to your advantage.

As every security researcher knows, the XSS Auditor basically killed reflected XSS attacks in every WebKit-based browser. By reading the requested URL and comparing it to the document output, the XSS Auditor identifies potentially malicious code and blocks it. This sounds great, right? Well, kind of.

The problem with this logic is that the XSS Auditor simply blocks everything that looks suspicious, and in some cases that becomes a real problem: because a blocked script never runs, an attacker can leverage the resulting JavaScript error to bypass some sort of filter or validation.

http://exmple.com/?payload=<script src="filters.js"></script>

In the example above I force the browser to block filters.js. You can also block inline scripts with the same method: include the script's code in some parameter of your request and the XSS Auditor will take care of the rest.

As I said, this is only useful in some cases, but you can pretty much break any site with it. ;-)
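To make the failure mode concrete from the defender's side, here is an added example (not code from the original post) that models the auditor's matching in a few lines and then runs a detection check over constructed access-log lines. The page markup, the URLs, the log lines and the simplified "block a script when the same markup arrived in the request" rule are all assumptions made for this example; the real auditor's matching is more involved, but the false positive it illustrates is the one the post describes.

```python
import re
from urllib.parse import urlsplit, parse_qsl, quote

# Constructed response body for the route: an external filter script plus an
# inline validator, the kind of client-side checks the post talks about.
PAGE_HTML = """<html><head>
<script src="filters.js"></script>
<script>function validate(f){ return f.q.value.length < 64; }</script>
</head><body><form onsubmit="return validate(this)"><input name="q"></form></body></html>"""

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def normalize(markup: str) -> str:
    """Collapse whitespace and case so request values and page markup compare equal."""
    return re.sub(r"\s+", " ", markup).strip().lower()


def page_scripts(html: str) -> list[str]:
    """Every <script>...</script> block in the response, normalized."""
    return [normalize(m.group(0)) for m in SCRIPT_RE.finditer(html)]


def request_values(url: str) -> list[str]:
    """Decoded query-string values: what the auditor compares against the response."""
    return [normalize(v) for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]


def auditor_blocks(url: str, html: str) -> list[str]:
    """Simplified model of the auditor (assumption: a script block is neutered when the
    same markup also arrived in the request). Returns the script blocks that get blocked."""
    values = request_values(url)
    return [s for s in page_scripts(html) if any(s in v for v in values)]


def suspicious_requests(log_lines: list[str], html: str) -> list[tuple[str, str]]:
    """Defender's check over access-log lines: a query value containing one of the
    page's own <script> blocks is a request aimed at getting that script neutered,
    since ordinary users never send script markup. Returns (client_ip, script) pairs."""
    line_re = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+"')
    scripts = page_scripts(html)
    hits = []
    for line in log_lines:
        m = line_re.match(line)
        if not m:
            continue
        ip, target = m.group(1), m.group(2)
        values = request_values(target)
        for s in scripts:
            if any(s in v for v in values):
                hits.append((ip, s))
    return hits


# Constructed request URLs: the post's external-script case and the inline-script case.
EXTERNAL_TAG = '<script src="filters.js"></script>'
INLINE_TAG = '<script>function validate(f){ return f.q.value.length < 64; }</script>'
URL_BLOCK_EXTERNAL = "http://example.test/?payload=" + quote(EXTERNAL_TAG, safe="")
URL_BLOCK_INLINE = "http://example.test/?payload=" + quote(INLINE_TAG, safe="")

# Constructed access-log lines: one benign request, one carrying the page's own script tag.
ACCESS_LOG = [
    '203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET /?q=hello HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2020:13:55:40 +0000] "GET /?payload='
    + quote(EXTERNAL_TAG, safe="") + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print("benign request blocks:", auditor_blocks("http://example.test/?q=hello", PAGE_HTML))
    print("external-script request blocks:", auditor_blocks(URL_BLOCK_EXTERNAL, PAGE_HTML))
    print("inline-script request blocks:", auditor_blocks(URL_BLOCK_INLINE, PAGE_HTML))
    print("suspicious log entries:", suspicious_requests(ACCESS_LOG, PAGE_HTML))
```

The benign request blocks nothing, while each crafted request blocks exactly the script whose markup it carries, which is why a client-side filter script is not a security control: the durable fix is to repeat the validation on the server, where the auditor cannot switch it off. Chromium removed the auditor in version 78 and WebKit has since dropped it as well, but the log check above still catches the attempt on any server that logs query strings.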
