Aug 9, 2020

8 min read

Arbitrary Parentheses-less XSS

against strict CSP policies

In the past years, an interesting XSS vector was put on a table by some researchers, and that is Parentheses-less XSS.

It’s not a mystery that there are known payloads that will execute arbitrary XSS with limited charsets. One of the simplest payloads out there is

location=name

which with adequate window.name, will redirect to ‘javascript:alert()’ URL and execute arbitrary XSS stored in the window’s name.

--

More from terjanq

Security enthusiast that loves playing CTFs and hunting for bugs in the wild. Also likes to do some chess once in a while. twitter.com/terjanq

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

in

JavaScript in Plain English

Build a simple text-to-speech app with the Web Speech API

in

Level Up Coding

Set up a Nginx Load balancer for a dockerized Node.js Application

A Short List of Good Practices in Programming

Java/ Add Footer to PowerPoint Document

Basic routing in Express.js

in

Nerd For Tech

What I built (4) — browser extension to generate QR Code

in

Towards Data Science

Training Tensorflow Object Detection API with custom dataset for working in Javascript and Vue.js

Article Summary: If your building a Node/Express web application and have never used or added the…

About Help Terms Privacy

Get the Medium app

terjanq

terjanq

Security enthusiast that loves playing CTFs and hunting for bugs in the wild. Also likes to do some chess once in a while. twitter.com/terjanq

More from Medium

Insecure Direct Object References (IDOR)

Intigriti XSS Challenge 0222 — Write-Up

Subdomain Takeover Via Flywheel

CVE-2022–30777

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Knowable