LEXSS: Bypassing Lexical Parsing Security Controls by Chris Davis of @Bishop Fox | PT SWARM
"By using special HTML tags that leverage HTML parsing logic, it is possible to achieve cross-site scripting (XSS) even in instances where lexical parsers are used to nullify dangerous content. The primary goal in exploiting these types of XSS vulnerabilities is to get the sanitizing lexical parser to view the data as text data and not computer instructions (e.g., JavaScript instructions)."
Contents:
• Introduction to Key Concepts
• Cross-site Scripting (XSS) Protections
• Cross-site Scripting (XSS) Protections via Lexical Parsing
• How the Data Flows Through the HTML Parser
• The Concept of the HTML Parser's Context State
• Namespaces – Foreign Content and Leveraging the Unexpected Behavior
• Sanitizing Lexical Parsing Flow
• Test Case 1 = TinyMCE XSS
• Test Case 2 = Froala XSS
• Prevention
• Conclusion
• Resources
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles, vulnerabilities, scripts, etc. (not necessarily authored by us) that we find interesting...