zoukankan      html  css  js  c++  java
  • 基于chrome内核的UXSS

    url with a leading NULL byte can bypass cross origin protection.
    https://code.google.com/p/chromium/issues/detail?id=37383
    
    Universal XSS in frame elements handling
    https://code.google.com/p/chromium/issues/detail?id=143439
    
    Pwnium UXSS variation        
    https://code.google.com/p/chromium/issues/detail?id=117550            
    
    UXSS with document.baseURI
    https://code.google.com/p/chromium/issues/detail?id=90222
    
    Universal XSS using widget updates in ContainerNode::parserRemoveChild        
    https://bugs.chromium.org/p/chromium/issues/detail?id=560011
    
    Security: Universal XSS using Flash message loop        
    https://bugs.chromium.org/p/chromium/issues/detail?id=569496
    
    Cross-origin access using window.execScript + code execution        
    https://bugs.chromium.org/p/chromium/issues/detail?id=83096    
    
    Universal XSS using contentWindow.eval        
    https://bugs.chromium.org/p/chromium/issues/detail?id=83743
    
    UXSS with empty SecurityOrigin    
    https://bugs.chromium.org/p/chromium/issues/detail?id=89453    
    
    UXSS / frame escape with window.open        
    https://bugs.chromium.org/p/chromium/issues/detail?id=89520    
    
    UXSS with document.baseURI
    https://bugs.chromium.org/p/chromium/issues/detail?id=90222
    
    Arbitrary cross-origin bypass using __defineGetter__ prototype override    
    https://bugs.chromium.org/p/chromium/issues/detail?id=93416
    
    UXSS using Object.getPrototypeOf
    https://bugs.chromium.org/p/chromium/issues/detail?id=93759
    
    Cross-origin access to window.__proto__
    https://bugs.chromium.org/p/chromium/issues/detail?id=95671
    
    UXSS and use-after-free when DOMWindow is accessed after navigation
    https://bugs.chromium.org/p/chromium/issues/detail?id=96047
    
    UXSS via Object::GetRealNamedPropertyInPrototypeChain
    https://bugs.chromium.org/p/chromium/issues/detail?id=96885
    
    UXSS via HTMLObjectElement
    https://bugs.chromium.org/p/chromium/issues/detail?id=98053
    
    UXSS: XSLT-generated document should inherit its SecurityOrigin from the source document
    https://bugs.chromium.org/p/chromium/issues/detail?id=99512
    
    UXSS: executeIfJavaScriptURL gets confused by synchronous frame loads
    https://bugs.chromium.org/p/chromium/issues/detail?id=99750
    
    Location bar spoofing when using replaceState in unload event handler
    https://bugs.chromium.org/p/chromium/issues/detail?id=101235
    
    Pwnium UXSS variation
    https://bugs.chromium.org/p/chromium/issues/detail?id=117550
    
    v8 builtins object exposed to user causing UXSS
    https://bugs.chromium.org/p/chromium/issues/detail?id=143437
    
    Universal XSS in frame elements handling        
    https://bugs.chromium.org/p/chromium/issues/detail?id=143439
  • 相关阅读:
    Windows Vista 桌面窗口管理器(1)
    Thinking in Java读书笔记――数组
    php图片上传存储源码,可实现预览
    php at(@)符号的用法简介
    Apache如何添加虚拟目录
    也发个PHP人民币金额数字转中文大写
    PHP Get Current URL
    Zend Studio下的PHP代码调试
    PHP url 加密解密函数
    使用新浪微博php SDK的一点记录
  • 原文地址:https://www.cnblogs.com/sevck/p/5841196.html
Copyright © 2011-2022 走看看