zoukankan      html  css  js  c++  java
  • 基于chrome内核的UXSS

    url with a leading NULL byte can bypass cross origin protection.
    https://code.google.com/p/chromium/issues/detail?id=37383
    
    Universal XSS in frame elements handling
    https://code.google.com/p/chromium/issues/detail?id=143439
    
    Pwnium UXSS variation        
    https://code.google.com/p/chromium/issues/detail?id=117550            
    
    UXSS with document.baseURI
    https://code.google.com/p/chromium/issues/detail?id=90222
    
    Universal XSS using widget updates in ContainerNode::parserRemoveChild        
    https://bugs.chromium.org/p/chromium/issues/detail?id=560011
    
    Security: Universal XSS using Flash message loop        
    https://bugs.chromium.org/p/chromium/issues/detail?id=569496
    
    Cross-origin access using window.execScript + code execution        
    https://bugs.chromium.org/p/chromium/issues/detail?id=83096    
    
    Universal XSS using contentWindow.eval        
    https://bugs.chromium.org/p/chromium/issues/detail?id=83743
    
    UXSS with empty SecurityOrigin    
    https://bugs.chromium.org/p/chromium/issues/detail?id=89453    
    
    UXSS / frame escape with window.open        
    https://bugs.chromium.org/p/chromium/issues/detail?id=89520    
    
    UXSS with document.baseURI
    https://bugs.chromium.org/p/chromium/issues/detail?id=90222
    
    Arbitrary cross-origin bypass using __defineGetter__ prototype override    
    https://bugs.chromium.org/p/chromium/issues/detail?id=93416
    
    UXSS using Object.getPrototypeOf
    https://bugs.chromium.org/p/chromium/issues/detail?id=93759
    
    Cross-origin access to window.__proto__
    https://bugs.chromium.org/p/chromium/issues/detail?id=95671
    
    UXSS and use-after-free when DOMWindow is accessed after navigation
    https://bugs.chromium.org/p/chromium/issues/detail?id=96047
    
    UXSS via Object::GetRealNamedPropertyInPrototypeChain
    https://bugs.chromium.org/p/chromium/issues/detail?id=96885
    
    UXSS via HTMLObjectElement
    https://bugs.chromium.org/p/chromium/issues/detail?id=98053
    
    UXSS: XSLT-generated document should inherit its SecurityOrigin from the source document
    https://bugs.chromium.org/p/chromium/issues/detail?id=99512
    
    UXSS: executeIfJavaScriptURL gets confused by synchronous frame loads
    https://bugs.chromium.org/p/chromium/issues/detail?id=99750
    
    Location bar spoofing when using replaceState in unload event handler
    https://bugs.chromium.org/p/chromium/issues/detail?id=101235
    
    Pwnium UXSS variation
    https://bugs.chromium.org/p/chromium/issues/detail?id=117550
    
    v8 builtins object exposed to user causing UXSS
    https://bugs.chromium.org/p/chromium/issues/detail?id=143437
    
    Universal XSS in frame elements handling        
    https://bugs.chromium.org/p/chromium/issues/detail?id=143439
  • 相关阅读:
    BSGS算法(大步小步算法)
    UVA-11426【GCD
    UVA-1637【Double Patience】(概率dp)
    UVA-11174【Stand in a Line】
    About
    51nod 1355 斐波那契的最小公倍数
    CodeForces
    CodeForces
    CodeForces
    CodeForces 901C Bipartite Segments
  • 原文地址:https://www.cnblogs.com/sevck/p/5841196.html
Copyright © 2011-2022 走看看