Code Igniter XSS Filter Multiple Bypasses
Recently we released our "XSS Filter Evasion Cheat Sheet", i was quite surprised to hear the community feedback. The total downloads have surpassed a figure of 2500, which was quite amazing considering that i didn't expect it to escalate that quickly. Recently, i had a chance to test Code Igniter's XSS clean function, as it relied upon blacklist it caught my interest. I was pleased that almost all the payloads/techniques that were used to bypass the "XSSCLEAN" function have been already documented inside our "XSS Filter Evasion Cheat Sheet".
Vulnerability Details
The test-bed i used was setup by @soaj1664ashar based upon the rules of the "XSS Clean" function inside of code igniter.http://xssplayground.net23.net/clean11.html
I managed to find lots of bypasses, however couple of them collided with what @soaj1664ashar had already found before. Therefore, i thought to publish the ones that did not collide with his vectors.