Hello Friends,
Welcome back :) Today I'm sharing my research on mutation cross site scripting. After studying and reading a lot of stuff, I finally decided to write an article about mXSS. I hope you will find it useful.
Mutation Cross Site Scripting (mXSS)
A new class of XSS vector, mutation-based XSS (mXSS), was discovered by Mario Heiderich. mXSS arises through innerHTML, and the vulnerability affects major browsers such as IE, Firefox and Chrome.
Well-known commercial products such as Yahoo and Rediff mail and Zimbra were vulnerable to mXSS. This type of XSS vector managed to bypass widely deployed server-side XSS protection techniques such as HTML Purifier, kses and htmLawed, as well as client-side filters such as the XSS Auditor, the IE XSS filter, WAF systems, IDS and IPS.
Introduction
mXSS is an XSS vector that mutates from a safe, filtered state into an unsafe, unfiltered one. Server-side and client-side XSS filters share the assumption that the HTML they output and the HTML the browser actually renders are mostly identical. The most common form of mXSS comes from incorrect reads of innerHTML: the user-provided content is mutated by the browser, so that a harmless string which passes nearly all XSS filters is ultimately transformed by the browser into an active XSS attack vector.
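A defensive round-trip check, added here as an example and not part of the original article: since a filter's output and the browser's re-serialization of it can differ, a client-side filter can verify that its output is a fixed point of the browser's parse/serialize cycle before trusting it. The `sanitize` function is a constructed toy allow-list filter, and `browserRoundTrip` uses the real DOM when one exists, otherwise a constructed stand-in that reproduces one well-known benign mutation (a bare `&` in text re-serializes as `&amp;`) so the logic can run outside a browser.

```javascript
// Added example: fixed-point ("round-trip") check for sanitized HTML.
// Constructed code, not from the article; sanitize() is a toy filter.

const ALLOWED = new Set(["b", "i", "p"]);

// Toy allow-list sanitizer (constructed): keeps <b>, <i>, <p> without any
// attributes and removes every other tag. Use a real sanitizer in production.
function sanitize(html) {
  return html.replace(/<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g, (tag, slash, name) =>
    ALLOWED.has(name.toLowerCase()) ? `<${slash}${name.toLowerCase()}>` : ""
  );
}

// Parse and re-serialize the way innerHTML does. In a browser this uses the
// real parser; outside one, a constructed stand-in reproduces a single benign
// mutation: a bare "&" in text comes back as "&amp;".
function browserRoundTrip(html) {
  if (typeof document !== "undefined") {
    const el = document.createElement("div");
    el.innerHTML = html;
    return el.innerHTML;
  }
  return html.replace(/&(?![a-zA-Z]+;|#\d+;)/g, "&amp;");
}

// Filter, serialize, and re-filter the serialized form until the output no
// longer changes under the round trip. If no fixed point is reached within
// maxRounds, refuse the input instead of inserting something the browser
// may still rewrite.
function sanitizeToFixedPoint(html, roundTrip = browserRoundTrip, maxRounds = 5) {
  let current = html;
  for (let round = 1; round <= maxRounds; round++) {
    const clean = sanitize(current);
    const mutated = roundTrip(clean);
    if (mutated === clean) return { html: clean, stable: true, rounds: round };
    current = mutated; // the browser changed it: filter the mutated form again
  }
  return { html: null, stable: false, rounds: maxRounds };
}
```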