Revisiting XSS Sanitization - Black Hat

Preview:

Click to see full reader

Citation preview

RevisitingXSSSanitization

AtalkbyAsharJaved@

The15thInternationalWorkshoponInformationSecurityApplications(WISA2014),Korea

MagentoCommerce

https://www.magentocommerce.com/boards/member/messages/compose/

TwitterTranslation

https://translate.twitter.com/forum/forums/translators-general-discussion/topics/new

Amazon

https://kdp.amazon.com/community/post!default.jspa?forumID=9

Yahoo

https://us-mg5.mail.yahoo.com/neo/launch#4280379

338

http://editor.froala.com/

Froala

https://github.com/froala/wysiwyg-editor/issues/33#issuecomment-40289023

Jive

https://community.jivesoftware.com

Jive

http://trust.jivesoftware.com/why-jive/customers/#view=list

TinyMCE

http://www.tinymce.com/tryit/full.php

TinyMCE

http://www.tinymce.com/enterprise/using.php

CKEditor

http://ckeditor.com/demo#full

CKEditor

http://ckeditor.com/about/who-is-using-ckeditor

MooEditable

http://cheeaun.github.io/mooeditable/

CNETForums

http://forums.cnet.com/windows-8-forum/?tag=contentMain;contentBody&refresh=1410685383672

https://twitter.com/soaj1664ashar/status/342002554118492162

Cross-SiteScripting:MyLoveWhereisSecureCode?

OnBreakingPHP-BasedXSSProtectionMechanismsintheWild

MagentoCommerce

http://magento.com/security

https://www.magentocommerce.com/boards/

http://www.magentocommerce.com/boards/

MagentoCommerce

https://github.com/EllisLab/CodeIgniter/blob/develop/system/core/Security.php#L124

http://trends.builtwith.com/framework/CodeIgniter

https://github.com/EllisLab/CodeIgniter/issues/2667

width:expre/**/ssion(alert(1))isanoldtrickdiscussedinSLA.CKERS

" "cookieisnot ....

http://www.magentocommerce.com/boards/member/382896/

http://www.scribd.com/doc/226925089/Stylish-XSS-in-Magento-When-Style-helps-you

http://xssplayground.net23.net/xss%22onmouseover=%22alert(1);%20imagefile.svg?"onmouseover="alert(1)

Alexa

http://issuu.com/mscasharjaved/docs/urlwriteup/1

GitHub

https://bounty.github.com/researchers/soaj1664.html

https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf

SellerCentral KindleDirectPublishing

Internallyitistreatedas...

data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4gCjwhRE9DVFlQRSBodG1sIFsgCjwhRU5USVRZIHhzcyAiJiM2MDtzY3JpcHQmIzYyO2NvbmZpcm0obG9jYXRpb24pJiM2MDsvc2NyaXB0JiM2MjsiPiAKXT4gCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4gCjxoZWFkPiAKPHRpdGxlPlhNTCBYU1MgVmVjdG9yPC90aXRsZT4gCjwvaGVhZD4gCjxib2R5PiAKJnhzczsgCjwvYm9keT4gCjwvaHRtbD4=

Usefulincasesifsitesautomaticallyinsertanchortag(<a>)aroundimage...

http://css-tricks.com/using-svg/

https://twitter.com/filedescriptor/status/512252595906158592

(MarioHeiderich'sUtility)

https://html5sec.org/innerhtml/

Lithium

http://www.tinymce.com/develop/bugtracker_view.php?id=6858

FreeTextBox

http://www.freetextbox.com/

KindEditor

http://kindeditor.net/case.php

PHPHTMLEdit

WebWiz

seehttps://www.webwiz.co.uk/company-info/customer-testimonials.htm

EditLive

http://ephox.com/customers

MarkItUp

http://markitup.jaysalvat.com/home/

Mercury

http://jejacks0n.github.io/mercury/

MooEditable

https://github.com/froala/wysiwyg-editor/issues/33

http://www.tinymce.com/develop/bugtracker_view.php?id=6851

https://twitter.com/soaj1664ashar/status/513229764078104576

TwitterTranslation's

https://translate.twitter.com/forum/forums/feature-requests/topics/new

http://www.scribd.com/doc/211362856/Stored-XSS-in-Twitter-Translation

@ndm

https://twitter.com/ndm/status/456129160411234304

MarkDown

http://daringfireball.net/projects/markdown/dingus

StandardMarkdown

http://standardmarkdown.com/

http://blog.codinghorror.com/standard-markdown-is-now-common-markdown/

ImperaviRedactor

http://imperavi.com/redactor/

Froala

Raptor

Wiki

Microsoft.com

http://social.technet.microsoft.com/wiki/contents/articles/26824.dhhfhdfhdfhdhdfhdretertertert.aspx

http://demo.chm-software.com/7fc785c6bd26b49d7a7698a7

518a73ed/

http://jsfiddle.net/9t8UM/3/

http://xssplayground.net23.net/xssfilter.html

https://twitter.com/sstephenson/status/507931945594937344

https://www.facebook.com/editnote.php

https://twitter.com/sstephenson/status/507931444182667264

@soaj1664ashar

Recommended

Evolution Xss
Technology
Secure Data Sanitization
Documents
Xss Desvendado!
Technology
Combinatorial XSS Attack Grammars - SBA Research · Combinatorial XSS Attack Grammars XSS Vectors for ... SBA Research April 10, 2015 SBA Research, Vienna. Outline Introduction XSS
Documents
Automated Sanitization Device – Hand Sanitization, Thermal
Documents
Grails vs XSS: Defending Grails against XSS attacks
Technology
Sanitization of Electronic Media
Documents
XSS Remediation
Technology
MEDIA SANITIZATION MANUAL
Documents
CTFA Cleaning & Sanitization Guidelines
Documents
XSS ATACKS
Documents
XSS Documentation
Documents
CSP - the panacea for XSS - owasp.org another security blogger . XSS. 4 XSS ... Over 12 million email messages daily ... CSP Based IDS Magic XSS XSS XSS Test & Fix . 29
Documents
Universal XSS via IE8s XSS Filters - Black Hat | Home
Documents
XSS - brutelogic.com.brbrutelogic.com.br/docs/XSS-FTW.pdf · Agenda Fast Intro to XSS Dangers of XSS Virtual Defacement LSD - Leakage, Spying and Deceiving Account Stealing Memory
Documents
Hot Water Sanitization-050911 Bulletins/Hot Water Sanitization .pdf · Hot Water Sanitization • Fully automatic system. No user or technical action required. • Uses the internal
Documents
Common Sanitization Practices andCommon Sanitization
Documents
Revisiting XSS Sanitization - ISACA Presentations... · Save XSSed (Rails) Mercury The page at jejacksOn.github.io says: Llrdo rev tav Mercury Editor Downloads Documentation Mercury
Documents
Universal XSS via IE8s XSS Filters - Black Hat Briefings · Universal XSS via IE8s XSS Filters the sordid tale of a wayward hash sign slides:
Documents
Xss attacks
Education