Brute Logic
@BRuteLogic
#CyberSecurity R&D | #XSS | #WAF #bypass | #hack2learn | @RodoAssis | @KN0X55 | https://t.co/qBK6hpPY3w
Jun 17, 2019 • 8 tweets • 4 min read
Gonna start a series of tweets about current bypasses in #XSS Auditor, 1 per day.
Bypassing Auditor dramatically increases the success of an XSS attack and the impact of such flaws, affecting users of the following major browsers: Chrome, Opera and Safari.
Stay tuned! 😎
#XSS Auditor Bypass #1
The easiest one: HTMLi breaking out of a script block (it must land where JS syntax is not affected, though).
</script><svg><script>alert(1)%0A-->
brutelogic.com.br/xss.php?c1=%3C…
Notice the source code becomes red flagged (sign of Auditor) but it still executes.
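The bypass above works only because the injected text reaches the inside of an inline script block unencoded, so a raw `</script>` ends the script element regardless of what the browser-side filter flags. The following is an added example, not code from the thread or from Brute Logic, written from the defender's side: it contrasts the vulnerable "concatenate into the script" pattern with a hardened one that serialises the value as JSON and escapes `<`, `>`, `&` and the U+2028/U+2029 line separators, so the sequences `</script` and `<!--` can never appear in the emitted text. The function names (`jsonForScript`, `renderUnsafe`, `renderSafe`, `scriptBlockIsIntact`), the `c1` variable name and the sample input are this example's own constructions, modelled on the parameter and payload quoted in the thread.

```javascript
// Added example (not from the original thread): safely embedding server-side data
// inside an inline <script> block so attacker-controlled text cannot close the tag.
// All names below are this example's own choices, not an API from any library.

// JSON.stringify leaves '<', '>', '&' and U+2028/U+2029 untouched. Escaping them as
// \uXXXX keeps the output valid JSON and valid JS while guaranteeing that neither a
// "</script" nor a "<!--" sequence can be produced by the embedded value.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Vulnerable pattern: the request parameter is concatenated straight into the block.
// A value containing "</script>" terminates the script element early.
function renderUnsafe(c1) {
  return '<script>var c1 = "' + c1 + '";</script>';
}

// Hardened pattern: the value travels as an escaped JSON literal, so the browser's
// HTML tokenizer never sees a tag boundary inside the script data.
function renderSafe(c1) {
  return '<script>var c1 = ' + jsonForScript(c1) + ';</script>';
}

// Review/test helper: the template emits exactly one "</script"; any additional
// occurrence means user-controlled data broke out of the block.
function scriptBlockIsIntact(html) {
  const closes = html.match(/<\/script/gi) || [];
  return closes.length === 1;
}

// Constructed input, modelled on the payload quoted in the thread
// (%0A decodes to a newline).
const sample = '</script><svg><script>alert(1)\n-->';

console.log('unsafe intact:', scriptBlockIsIntact(renderUnsafe(sample))); // false
console.log('safe intact:  ', scriptBlockIsIntact(renderSafe(sample)));   // true
console.log(renderSafe(sample));
```

The `scriptBlockIsIntact` check is deliberately crude (it counts closing tags against what the template itself emits); its purpose is to show the property a code reviewer or unit test should assert, not to replace a templating engine's own context-aware escaping. Note also that escaping for script context is separate from whatever a browser-side filter such as XSS Auditor does: the server-side encoding is the control that removes the injection, the filter was only ever a best-effort mitigation.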