Category: DOM XSS

DOM XSS, location.hash, Stored XSS, Same Origin Policy, CoTS Scanners

Dear – Your CSP doesn’t report Stored XSS, its inside SOP. You append my location.hash to your Document and Save the URL in Dash. #DOMXSS TL;DR DOM XSS testing via location.hash is hard to Automate; Get a Bug Bounty or Publish a CVD XSS – Cross Site Scripting 101 DOM XSS begins at window.location.hash ‘#’ […]

Stored DOM XSS, icloud.com, Javascript Injection, jQuery 1.7.2, User Agent Exploitation, May 2013

TL;DR In May 2013 XSS.Cx reported Stored XSS in www.icloud.com and all related applications due to the execution of the Javascript Protocol Handler. The Root Cause of the Issue was using Notes to inject the Code and then a Browser to View the Exploit. An Attacker could craft a malicious Note and then Share the […]

CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, DOM XSS, window.location.hash

CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, DOM XSS, window.location.hash Keywords Cross-Site Scripting (XSS), Document Object Model (DOM), window.location.hash, User Agent Exploitation, Proof of Concept (PoC), CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, XCode Server, CVE-2013-1034, SVG, toString, innerHTML CVE-2014-4406 Summary Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 […]

deals.ebay.com, DOM XSS, Javascript Injection, Cross Site Scripting, location.hash, Resolved

DOM XSS in deals.ebay.com Reported Q2/2013, Resolved Q3/2013 with Report. A quick review of http://html5sec.org/jquery/ makes it easy to pick out Sites with DOM XSS, Credit to .Mario. Once upon a time, deals.ebay.com had an out of date jQuery V1.7 Installation… DOM XSS in deals.ebay.com via jQuery 1.7 using IE10 (above), DOMinator FireFox below.