Cybersecurity information flow

A clean information-stream push tool, focused on the bits and pieces of the security community, surfacing quality content for security researchers every day.


All nodes
Time Node
2022-07-21 23:12 brutelogic
Property-based payloads are payloads based on some particular properties of the document object and the elements. From the document object we already know the location-based payloads, and from the elements we have the properties "innerHTML" and "outerHTML". Those 3 are very useful to evade a filter or WAF when we get to the point where … Continue reading Tag Blending Obfuscation In Property-Based Payloads
The post Tag Blending Obfuscation In Property-Based Payloads appeared first on Brute XSS.
2022-01-18 21:58 brutelogic
When dealing with JavaScript injection scenarios, sometimes we might get into a difficult situation: the target page is not meant to be accessed directly, and some of its code is supposed to use some other code in the intended setup. That leads to some broken script blocks, and when the injection context is one of … Continue reading XSS With Hoisting
The post XSS With Hoisting appeared first on Brute XSS.
2021-09-28 00:46 brutelogic
XSS is all about practice. It requires a lot of time to imprint in the mind all the vectors, payloads and tricks at our disposal. There are lots of XSS cases, each one requiring a different approach and construct to pop the alert box. Thinking about that, and following the previous XSS Test Page released with … Continue reading Training XSS Muscles
The post Training XSS Muscles appeared first on Brute XSS.
2021-06-24 00:28 brutelogic
XSS polyglots are quite popular among beginners and lazy XSS testers, since they only require a single copy and paste. Although doomed to be easily flagged by any decent filter or WAF, they can be useful to spot most of the XSS cases out there. Here we will try to build a cost-effective XSS polyglot, … Continue reading Building XSS Polyglots
The post Building XSS Polyglots appeared first on Brute XSS.
2021-03-08 08:22 brutelogic
Content Security Policy (CSP) is the last line of defense against the exploitation of an XSS vulnerability. When correctly implemented, it seems to be extremely effective in doing so (nowadays). Here we will deal with the possible ways to abuse flaws in its implementation. For a comprehensive reference on CSP, check here. Some basic samples … Continue reading CSP Bypass Guidelines
The post CSP Bypass Guidelines appeared first on Brute XSS.
2020-09-18 02:01 brutelogic
Testing for Cross-Site Scripting (XSS) might seem easy at first sight, with several hacking tools automating this process. But regardless of how tests to find an XSS are performed, automated or manual, here we will see a step-by-step procedure to try to find most of the XSS cases out there. For that we will use … Continue reading Testing for XSS (Like a KNOXSS)
The post Testing for XSS (Like a KNOXSS) appeared first on Brute XSS.
2020-09-18 02:01 brutelogic
In some cases, information passed in one of the HTTP headers of the application is not correctly sanitized and is output somewhere in the requested page or at another end, giving rise to an XSS situation. But unfortunately, since an attacker can't make a victim edit his/her own HTTP headers in an actual … Continue reading XSS via HTTP Headers
The post XSS via HTTP Headers appeared first on Brute XSS.
2020-09-16 08:29 brutelogic
Some Cross-Site Scripting (XSS) vectors arise from strict but allowed possibilities, forming tricky combinations. It's all about contexts, and sometimes the interaction between different contexts with different filters leads to some interesting bypasses. Although in the same document (or page), usually the source code of an HTTP response is formed by 3 different contexts: HTML, … Continue reading Filter Bypass in Multi Context
The post Filter Bypass in Multi Context appeared first on Brute XSS.