
Monthly Archives: March 2017

Referrer spoofing with iframe injection

Last year we were playing with a very simple method to spoof the referrer on Edge, which of course allowed us to spoof the referrer and, as a bonus, do other neat things like bypass the XSS filter. Today I found out that it was patched, so I decided to give …


SOP bypass/ UXSS on IE – More Adventures in a Domainless World

A few months ago we were playing with domainless about:blank pages on Edge. Essentially, a powerful about:blank document was capable of accessing every domain without restrictions. It was recently patched as CVE-2017-0002, so it does not work anymore. The same thing happens with the ActiveXObject/htmlFile (from now on, htmlFile), which was patched last week as CVE-2017-0154. …


Bypassing the patch to continue spoofing the address bar and the Malware Warning

Yesterday, Microsoft pushed a gigantic update where tons of security bugs were fortunately killed, including most of the ones from this website. Kudos, big kudos to the Edge developers and the ones in charge of its security. Please, convince the ones who want to keep the ridiculous IE policies to change their minds or at …
