Skip to content

Brute XSS

Master the art of Cross Site Scripting.

Home
XSS Cheat Sheet
XSS 101
About

HomeAntiviruXSS White Paper

AntiviruXSS White Paper

May 18, 2016July 6, 2016 Brute The Art of XSS Payload Building

In the following paper, @strukt93 and me describe how we were able to find XSS flaws in 8 out of 9 top antivirus (AV) vendors websites in january 2016.

See how we did it and how vendors handled the situation when we reported it to them.

Check it here.

#hack2learn

Share this:

Click to share on Twitter (Opens in new window)
Click to share on Facebook (Opens in new window)

Related

Post navigation

← Avoiding XSS Detection

Looking for XSS in PHP Source Code →

One thought on “AntiviruXSS White Paper”

AntiviruXSS White Paper – How We XSSed 8/9 Top AV Vendors – sec.uno says:

May 18, 2016 at 14:52

[…] by /u/brute_logic [link] […]

Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Brute XSS Cheat Sheet

GET YOURS NOW!

XSS Gym

TRAIN YOUR XSS MUSCLES!

A C C U R A C Y I S E V E R Y T H I N G .

Featured Posts

Bypassing Whitelists With XSS Payloads in Attributes
There are XSS scenarios where there’s a strong filter in place like […]
Tag Blending Obfuscation In Property-Based Payloads
Property-based payloads are payloads based on some particular properties of the document […]
XSS With Hoisting
When dealing with JavaScript injection scenarios sometimes we might get into a difficult […]

All Posts

Bypassing Whitelists With XSS Payloads in Attributes
Tag Blending Obfuscation In Property-Based Payloads
XSS With Hoisting
Training XSS Muscles
Building XSS Polyglots
CSP Bypass Guidelines
Filter Bypass in Multi Context
Testing for XSS (Like a KNOXSS)
XSS via HTTP Headers
XSS in Limited Input Formats
Advanced JavaScript Injections
Quoteless Javascript Injections
DOM-based XSS – The 3 Sinks
Chrome XSS Auditor – SVG Bypass
The 7 Main XSS Cases Everyone Should Know
Compromising CMSes with XSS
Alternative to Javascript Pseudo-Protocol
XSS Filter Bypass With Spell Checking
XSS Challenge I
Calling Remote Script With Event Handlers
Four Horsemen of the Web Apocalypse
The Easiest Way to Bypass XSS Mitigations
XSS Authority Abuse
Reflected in Watering Hole
Bypassing Javascript Overrides
The Genesis of an XSS Worm – Part III
The Genesis of an XSS Worm – Part II
The Genesis of an XSS Worm – Part I
The Shortest Reflected XSS Attack Possible
Looking for XSS in PHP Source Code
AntiviruXSS White Paper
Avoiding XSS Detection
Blind XSS Code
XSS and RCE
CORS Enabled XSS
Chrome XSS Bypass
File Upload XSS
Leveraging Self-XSS
XSS in Mobile Devices
Cross-Origin Scripting
Transcending Context-Based Filters
XSS Without Event Handlers
Multi Reflection XSS
Using XSS to Control a Browser
Source-Breaking Injections
Location Based Payloads – Part IV
Location Based Payloads – Part III
Location Based Payloads – Part II
Location Based Payloads – Part I
Probing to Find XSS
Filter Bypass Procedure
Existing Code Reuse
Agnostic Event Handlers
XSS Payload Scheme

Proudly powered by WordPress | Theme: Big Brother by WordPress.com.

Translate »

Enjoy this blog? Please spread the word :)

Brute XSS Cheat Sheet

Improve your Cross-Site Scripting skills!

Exclusive content you can’t find anywhere.

Dozens of unique vectors and techniques.

Just $9.95!

Brute XSS Cheat Sheet

The best Cross-Site Scripting collection out there!

Tested Proof-of-Concept vectors and payloads.
Covers basics to advanced, filter bypass and other cases.
Clear directions for dozens of different scenarios.
Exclusive content you can’t find anywhere.

Loading Comments...

You must be logged in to post a comment.