×
  • Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

The innerHTML Apocalypse

by Security Research / Penetration Testing at Cure53 on Apr 25, 2013

  • 22,215 views

This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are applied with state-of-the-art XSS protection. This attack labeled Mutation-XSS (mXSS) ...

This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are applied with state-of-the-art XSS protection. This attack labeled Mutation-XSS (mXSS) is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities - every single f***** one of them. We analyzed the type and number of high-profile websites and applications that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help understanding, what mXSS is, why mXSS is possible and why it is of importance for defenders as well as professional attackers to understand and examine mXSS even further. The talk wraps up several years of research on this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem - with a strong focus on feasibility and scalability.

Statistics

Views

Total Views
22,215
Views on SlideShare
14,991
Embed Views
7,224

Actions

Likes
11
Downloads
171
Comments
0

67 Embeds 7,224

http://www.opennet.ru 2575
http://www.redditmedia.com 978
https://twitter.com 686
http://www.worldit.info 543
http://www.infosecstudent.com 455
http://tips-tricks-tops.blogspot.com 451
http://tips-tricks-tops.blogspot.ro 264
http://tips-tricks-tops.blogspot.sg 231
http://tips-tricks-tops.blogspot.de 194
http://feeds.feedburner.com 106
http://tips-tricks-tops.blogspot.in 99
http://tips-tricks-tops.blogspot.fr 82
http://www.scoop.it 65
http://tips-tricks-tops.blogspot.co.uk 52
http://tips-tricks-tops.blogspot.com.es 47
http://tips-tricks-tops.blogspot.se 34
http://tips-tricks-tops.blogspot.ru 28
http://tips-tricks-tops.blogspot.ca 21
http://tweetedtimes.com 20
http://tips-tricks-tops.blogspot.com.au 20
http://tips-tricks-tops.blogspot.no 19
http://tips-tricks-tops.blogspot.fi 16
http://tips-tricks-tops.blogspot.be 16
http://tips-tricks-tops.blogspot.nl 16
http://blog.alexcoman.com 15
http://opennet.ru 14
http://tips-tricks-tops.blogspot.co.il 11
http://mobile.opennet.ru 11
http://tips-tricks-tops.blogspot.ch 10
http://iblunk.com 10
http://tips-tricks-tops.blogspot.kr 10
http://tips-tricks-tops.blogspot.it 10
http://tips-tricks-tops.blogspot.com.ar 8
http://tips-tricks-tops.blogspot.tw 8
http://tips-tricks-tops.blogspot.ie 7
http://tips-tricks-tops.blogspot.jp 7
http://tips-tricks-tops.blogspot.cz 7
http://tips-tricks-tops.blogspot.pt 6
http://translate.googleusercontent.com 6
http://tips-tricks-tops.blogspot.hk 6
http://tips-tricks-tops.blogspot.co.at 6
http://tips-tricks-tops.blogspot.ae 5
http://localhost 4
http://tips-tricks-tops.blogspot.dk 4
http://tips-tricks-tops.blogspot.mx 4
http://tips-tricks-tops.blogspot.gr 4
http://tips-tricks-tops.blogspot.com.br 3
https://mail.google.com 3
http://tips-tricks-tops.blogspot.sk 3
http://ua.opennet.ru 2
More...

Accessibility

Categories

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
Post Comment
Edit your comment

The innerHTML Apocalypse The innerHTML Apocalypse Presentation Transcript