UXSS

SOP bypass / UXSS on IE11 htmlFile

Today we are going to explore a feature that has been present in Internet Explorer almost since its inception. A feature that allows web developers to instantiate external objects, and because of that it was abused ad nauseam by attackers. Can you guess which feature we are talking about? The ActiveXObject. Even …

SOP bypass / UXSS on Microsoft Edge – Adventures in a Domainless World

Today we are going to walk through a few design issues that, when used together, result in a full SOP bypass or Universal Cross-Site Scripting (UXSS) on Microsoft Edge. If you are not a security researcher but you still want to understand this vulnerability, think about it this way: …
