chrome-xss-auditor-bypass

1 article
sort: new top best
clear filter
bug-bounty497 google347 xss301 microsoft290 facebook261 rce211 exploit198 malware168 apple161 cve135 account-takeover115 bragging-post102 privilege-escalation96 csrf90 phishing86 browser75 writeup74 authentication-bypass69 supply-chain67 dos66 stored-xss65 reflected-xss57 ssrf56 reverse-engineering54 access-control52 react52 input-validation49 cross-site-scripting48 cloudflare47 aws47 docker46 web-security46 lfi46 smart-contract45 sql-injection45 web-application44 ethereum44 ctf43 web343 defi43 oauth43 node41 race-condition39 pentest39 open-source39 idor37 cloud37 info-disclosure36 burp-suite36 auth-bypass35
0 7/10
Magic XSS with two parameters
vulnerability

A stored XSS vulnerability in iframe-based cookie-setting functionality is exploited by chaining two parameters (key and value) to bypass WAF filters and Chrome XSS Auditor protections. The attacker uses newline injection and script tag splitting across multiple parameters to inject arbitrary JavaScript execution (alert(document.cookie)).

xss cross-site-scripting parameter-injection waf-bypass chrome-xss-auditor-bypass cookie-injection javascript-injection string-escaping newline-injection multi-parameter-payload
Google Chrome XSS Auditor Mahmood Shahabi
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 23 hours ago · details