Hi! Just wanted to share my finding. I’ve found a way to bypass Chrome’s anti-xss filter. This bypass is universal, and it defeats Chrome’s XSSAuditor in all cases!
Description
XSS attacks occur when one website injects JavaScript code into otherwise legitimate requests to another website. The injected script generally attempts to access privileged information. The XSS Filter detects JavaScript in URL and HTTP POST requests. If JavaScript is detected, the XSS Filter searches evidence of reflection. If reflection is detected, the XSS Filter sanitizes the original request so that the additional JavaScript cannot be executed. However, the XSS filter can by bypassed with leading regexp inside svg script tag.
Details
Title: Google Chrome Anti-XSS Filter Bypass Affected Products: Google Chrome 43.0.2357.124 m (letest stable version) Discovery Date: 16-06-15 Author: Yosi Ovadia (http://vulnerable.info/) Payload: <svg><script>/<1/>alert(document.domain)</script></svg>
POC
Reporting
The issue was reported to chromium security team, and was fixed within 5 hours. The team marked it as a significant bypass.
Patch
https://codereview.chromium.org/1187843005/
Revision
http://src.chromium.org/viewvc/blink?view=revision&revision=197282
Best!
from: http://vulnerable.info/browsers/bypassing-chromes-anti-xss-filter/