# Title: Chrome 31.0 Webkit XSS Auditor Bypass
# Product: Google Chrome
# Author: Rafay Baloch @rafaybaloch And PEPE Vila
Chrome XSS Auditor is a client side XSS filter used by google chrome
to protect against XSS attacks. Chrome XSS filter has already been beaten
a lot of times and there still exists lots of contexts where it fails.
The vulnerability lies in the way people escape certain characters, while
replacing certain characters with characters
syntax and since the response won't match the output parameter.
Proof of concept
The following is a challenge setup by a gentle man with a nick "Strong boi":
The expected solution was to use a well known unfixed bug in chrome and
noticed a different behaviour, when we injected an apostrophe. It was being
converted to - and hence yielding a valid syntax and executing the
would try replacing special characters to - or anything similar that
would make the syntax valid.
First search:<input type="text" name="a"