基于chrome的UXSS

时间：2016-09-05 10:33:33 阅读：139 评论：0 收藏：0 [点我收藏+]

标签：

url with a leading NULL byte can bypass cross origin protection.
https://code.google.com/p/chromium/issues/detail?id=37383

Universal XSS in frame elements handling
https://code.google.com/p/chromium/issues/detail?id=143439

Pwnium UXSS variation        
https://code.google.com/p/chromium/issues/detail?id=117550            

UXSS with document.baseURI
https://code.google.com/p/chromium/issues/detail?id=90222

Universal XSS using widget updates in ContainerNode::parserRemoveChild        
https://bugs.chromium.org/p/chromium/issues/detail?id=560011

Security: Universal XSS using Flash message loop        
https://bugs.chromium.org/p/chromium/issues/detail?id=569496

Cross-origin access using window.execScript + code execution        
https://bugs.chromium.org/p/chromium/issues/detail?id=83096    

Universal XSS using contentWindow.eval        
https://bugs.chromium.org/p/chromium/issues/detail?id=83743

UXSS with empty SecurityOrigin    
https://bugs.chromium.org/p/chromium/issues/detail?id=89453    

UXSS / frame escape with window.open        
https://bugs.chromium.org/p/chromium/issues/detail?id=89520    

UXSS with document.baseURI
https://bugs.chromium.org/p/chromium/issues/detail?id=90222

Arbitrary cross-origin bypass using __defineGetter__ prototype override    
https://bugs.chromium.org/p/chromium/issues/detail?id=93416

UXSS using Object.getPrototypeOf
https://bugs.chromium.org/p/chromium/issues/detail?id=93759

Cross-origin access to window.__proto__
https://bugs.chromium.org/p/chromium/issues/detail?id=95671

UXSS and use-after-free when DOMWindow is accessed after navigation
https://bugs.chromium.org/p/chromium/issues/detail?id=96047

UXSS via Object::GetRealNamedPropertyInPrototypeChain
https://bugs.chromium.org/p/chromium/issues/detail?id=96885

UXSS via HTMLObjectElement
https://bugs.chromium.org/p/chromium/issues/detail?id=98053

UXSS: XSLT-generated document should inherit its SecurityOrigin from the source document
https://bugs.chromium.org/p/chromium/issues/detail?id=99512

UXSS: executeIfJavaScriptURL gets confused by synchronous frame loads
https://bugs.chromium.org/p/chromium/issues/detail?id=99750

Location bar spoofing when using replaceState in unload event handler
https://bugs.chromium.org/p/chromium/issues/detail?id=101235

Pwnium UXSS variation
https://bugs.chromium.org/p/chromium/issues/detail?id=117550

v8 builtins object exposed to user causing UXSS
https://bugs.chromium.org/p/chromium/issues/detail?id=143437

Universal XSS in frame elements handling        
https://bugs.chromium.org/p/chromium/issues/detail?id=143439

基于chrome的UXSS

标签：

原文地址：http://www.cnblogs.com/sevck/p/5841196.html

踩

(0)

评论一句话评论（0）

分享档案

更多>

2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)

周排行