
Chrome's XSS filter can still be circumvented in quite a few instances. The easiest way I've seen is when the attacker controls at least two variables and can split the XSS across them in such a way that neither half appears malicious but when loaded into the page they create a malicious script.

Example: ?a=<script>void('&b=');alert('XSS')</script>

The value of a is <script>void(' and the value of b is ');alert('XSS')</script>.
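The split-parameter case from the comment above, as an added example that is not the commenter's code: a heuristic that inspects each query parameter on its own (in the spirit of a reflected-XSS filter) passes both halves, the assembled page nevertheless contains a complete script element, and contextual HTML escaping of each reflected value is what actually neutralises it. The parameter names, the page template and the SCRIPT_RE heuristic are constructed for this demo.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed heuristic standing in for a per-parameter reflection filter:
# a value is flagged only if it alone contains a complete <script>...</script>.
SCRIPT_RE = re.compile(r"<script\b.*?</script>", re.I | re.S)


def parse_query(qs):
    """Split a raw query string into {name: value}, splitting on '&' only."""
    params = {}
    for part in qs.split("&"):
        name, _, value = part.partition("=")
        params[unquote_plus(name)] = unquote_plus(value)
    return params


def flagged_per_param(params):
    """Names of parameters whose individual value looks like a full script."""
    return [k for k, v in params.items() if SCRIPT_RE.search(v)]


def render(params, escape):
    """Constructed vulnerable template that reflects a and b into HTML text.

    With escape=True each value is HTML-escaped for the text context it lands
    in, which is the fix; with escape=False it is reflected verbatim.
    """
    a = params.get("a", "")
    b = params.get("b", "")
    if escape:
        a, b = html.escape(a, quote=True), html.escape(b, quote=True)
    return f"<p>a={a}</p><p>b={b}</p>"


def analyse(qs, escape=False):
    """Compare the per-parameter view with what the assembled page contains."""
    params = parse_query(qs)
    page = render(params, escape)
    return {
        "per_param_flags": flagged_per_param(params),
        "script_in_page": bool(SCRIPT_RE.search(page)),
        "page": page,
    }


if __name__ == "__main__":
    split = "a=<script>void('&b=');alert('XSS')</script>"  # payload from the comment
    print(analyse(split))               # no per-param flags, script_in_page True
    print(analyse(split, escape=True))  # script_in_page False after escaping
```

The lesson for a defender is that a check applied per input cannot see what the inputs form once concatenated; encoding at the output context does not depend on spotting the pattern at all.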



