Brute Logic Profile picture
#CyberSecurity R&D | #XSS | #WAF #bypass | #hack2learn | @RodoAssis | @KN0X55 | https://t.co/qBK6hpPY3w
5 subscribers
Jun 17, 2019 8 tweets 4 min read
Gonna start a series of tweets about current bypasses in #XSS Auditor, 1 per day.

Bypassing Auditor increases dramatically the success of a XSS attack and the impact of such flaws, affecting users of following major browsers:

Chrome, Opera and Safari.

Stay tuned! 😎 #XSS Auditor Bypass #1

The easiest one, HTMLi breaking out from script block (it must land where JS syntax is not affected though).

</script><svg><script>alert(1)%0A-->

brutelogic.com.br/xss.php?c1=%3C…

Notice the source code becomes red flagged (sign of Auditor) but it still executes.