zoukankan      html  css  js  c++  java

  • 基于chrome内核的UXSS

    url with a leading NULL byte can bypass cross origin protection.
https://code.google.com/p/chromium/issues/detail?id=37383

Universal XSS in frame elements handling
https://code.google.com/p/chromium/issues/detail?id=143439

Pwnium UXSS variation        
https://code.google.com/p/chromium/issues/detail?id=117550            

UXSS with document.baseURI
https://code.google.com/p/chromium/issues/detail?id=90222

Universal XSS using widget updates in ContainerNode::parserRemoveChild        
https://bugs.chromium.org/p/chromium/issues/detail?id=560011

Security: Universal XSS using Flash message loop        
https://bugs.chromium.org/p/chromium/issues/detail?id=569496

Cross-origin access using window.execScript + code execution        
https://bugs.chromium.org/p/chromium/issues/detail?id=83096    

Universal XSS using contentWindow.eval        
https://bugs.chromium.org/p/chromium/issues/detail?id=83743

UXSS with empty SecurityOrigin    
https://bugs.chromium.org/p/chromium/issues/detail?id=89453    

UXSS / frame escape with window.open        
https://bugs.chromium.org/p/chromium/issues/detail?id=89520    

UXSS with document.baseURI
https://bugs.chromium.org/p/chromium/issues/detail?id=90222

Arbitrary cross-origin bypass using __defineGetter__ prototype override    
https://bugs.chromium.org/p/chromium/issues/detail?id=93416

UXSS using Object.getPrototypeOf
https://bugs.chromium.org/p/chromium/issues/detail?id=93759

Cross-origin access to window.__proto__
https://bugs.chromium.org/p/chromium/issues/detail?id=95671

UXSS and use-after-free when DOMWindow is accessed after navigation
https://bugs.chromium.org/p/chromium/issues/detail?id=96047

UXSS via Object::GetRealNamedPropertyInPrototypeChain
https://bugs.chromium.org/p/chromium/issues/detail?id=96885

UXSS via HTMLObjectElement
https://bugs.chromium.org/p/chromium/issues/detail?id=98053

UXSS: XSLT-generated document should inherit its SecurityOrigin from the source document
https://bugs.chromium.org/p/chromium/issues/detail?id=99512

UXSS: executeIfJavaScriptURL gets confused by synchronous frame loads
https://bugs.chromium.org/p/chromium/issues/detail?id=99750

Location bar spoofing when using replaceState in unload event handler
https://bugs.chromium.org/p/chromium/issues/detail?id=101235

Pwnium UXSS variation
https://bugs.chromium.org/p/chromium/issues/detail?id=117550

v8 builtins object exposed to user causing UXSS
https://bugs.chromium.org/p/chromium/issues/detail?id=143437

Universal XSS in frame elements handling        
https://bugs.chromium.org/p/chromium/issues/detail?id=143439
  • 相关阅读:
    基础MYSQl技巧集锦
    C MySQL float类型数据 用 printf()打印
    1Tomcat+Axis+Eclipse实例讲解 2自己做的一个可以用的webservice,只是开始 (WebService好文)
    信号量 进程 (m个生产者,n个消费者,容量为r的缓冲区)
    信号量和同步互斥
    C语言 wait()信号量部分 signal()信号量部分代码
    Tomcat+Axis+Eclipse实例讲解
    MySQL 集合 补集
    SELECT DocID, SUM(a.Score + B.Score) AS TOTAL Itemset_ONE a LEFT Join Itemset_Two b ON a.DocID=b.DocID 太慢
    Yii AR Model 查询
  • 原文地址:https://www.cnblogs.com/sevck/p/5841196.html
Copyright © 2011-2022 走看看