– XSS filter bypass,
– WAF bypass,
– CSP bypass,
– Chrome auditor bypass.
The same bug was replicated on 3 endpoints, yielding 8 cross-site scripting vulnerabilities in total, including stored XSS.
Original blog post:
https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/
Brett Buerhaus:
https://twitter.com/bbuerhaus
https://buer.haus/
https://hackerone.com/ziot
Ben Sadeghipour:
https://www.youtube.com/NahamSec
https://twitter.com/NahamSec
https://nahamsec.com/
https://hackerone.com/nahamsec?type=user
Timestamps:
00:00 Intro
00:33 JSON in HTML
01:22 XSS filter
02:42 WAF
05:09 Content-Security-Policy
07:26 WAF & Chrome auditor
#xss #airbnb #hackerone #waf