Skip to content

Internet Explorer XSS Filter bypass

by on February 19, 2013

I always love the XSS technique, it has sometimes that makes the generation of the payload something close to art, where code and creativity found.

I found this quick trick to bypass the IE filter when the output is write inside script tags:

“;alert(document.cookie%2b%0dwindow);//

This works because the filter is looking for document.cookie but inserting the %2b (a + symbol) and %0d (a new line character) it will still render valid JavaScript code and we’ll bypass the filter. It was tested on a Internet Explorer 8 long time ago so maybe Microsoft already patched it!

From → pentura

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: