Showing 1 - 3 of 3

Files from Adi Cohen

toStaticHTML HTML Sanitizing Bypass: Posted Jul 11, 2012; Authored by Adi Cohen | Site blog.watchfire.com; The *toStaticHTML* component, which is found in Internet Explorer versions greater than 8, SharePoint and Lync is used to sanitize HTML fragments from dynamic and potentially malicious content. An attacker is able to create a specially formed CSS that will overcome * toStaticHTML*'s security logic; therefore, after passing the specially crafted CSS string through the *toStaticHTML* function, it will contain an expression that triggers a JavaScript call.; tags | exploit, javascript, xss; advisories | CVE-2012-1858; SHA-256 | 250fdc51b42fbad45e46c18cf75919ff7aaf7e27a4da2764383c71b6233a3cdb; Download | Favorite | View

Microsoft Anti-XSS Library Bypass: Posted Jan 19, 2012; Authored by Adi Cohen; The Microsoft Anti-XSS library versions 3.0 and 4.0 suffer from a javascript bypass vulnerability.; tags | exploit, javascript, bypass; SHA-256 | 9c3724fcd0d3afee3bd1af91d841bc9d029d55edbafef54c733f648ff52a0dc3; Download | Favorite | View

Microsoft Internet Explorer toStaticHTML Information Disclosure: Posted Jul 21, 2011; Authored by Adi Cohen; Microsoft Internet Explorer versions 8 and 9 can have the toStaticHTML function bypassed by a specially formed CSS.; tags | exploit, info disclosure; advisories | CVE-2011-1252; SHA-256 | fb6ce3c4e72cb5d523db3230f77e48c753f042b5ed31c6a76a35dce10d03ef03; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days