Race Condition resulting in false positives / false negatives #10

forced-request · 2014-09-16T00:54:42Z

For some reason, certain payloads, such as <img src='1' onerror='{JAVASCRIPT}' are generating race conditions in which legitimate XSS payload execution is not being marked as executed, and payloads that don't execute are being marked as validated.

For the time being throttling the requests seems to decrease the likelihood of running into this behavior, but I'm still looking into the real cause.

The text was updated successfully, but these errors were encountered:

forced-request · 2014-09-16T01:09:24Z

Looks like the problem is that the document finishes being evaluated in these cases before the onAlert (and other) event handlers are processed.

forced-request added the bug label Sep 16, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Race Condition resulting in false positives / false negatives #10

Race Condition resulting in false positives / false negatives #10

forced-request commented Sep 16, 2014

forced-request commented Sep 16, 2014

Race Condition resulting in false positives / false negatives #10

Race Condition resulting in false positives / false negatives #10

Comments

forced-request commented Sep 16, 2014

forced-request commented Sep 16, 2014