asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm)
asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm)
asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Bypasses in the wild• Using our existing infrastructure, we found … 1,602 <strong>DOM</strong>-based <strong>XSS</strong> vulnerabilities … on 958 domains• We enhanced our exploit generator to targetbypassable vulnerabilities Not targeting <strong>DOM</strong> bindings, second-order flows or alternativeattacks• Result: 776 of 958 domains susceptible to Auditorbypasses