RTF Editor XSS Fuzz Framework

Authors :
Qiyi Tang
Jun Yang
Source :
Innovative Mobile and Internet Services in Ubiquitous Computing ISBN: 9783319615417, IMIS
Publication Year :
2017
Publisher :
Springer International Publishing, 2017.

Abstract

Cross-Site Scripting (XSS) is one of the most important vulnerabilities in web applications and has been in the top three positions of the OWASP Top 10 [1] security risks for a long time. Among the many web application components, the RTF (Rich Text Format) Editor is subject to a wide range of XSS attacks because of its own characteristics. With the development of XSS detection technology, the fuzz technique has become a popular approach to discovering XSS in web applications, except in Rich Text Editors. Thus, this paper proposes an RTF Editor XSS fuzz framework, which works on a lexical-based fuzz framework. This framework includes an attack vector template and a mutation engine. In this framework, we use a concept named "boundary" to build the template and a method named "breaking boundaries" to generate mutated data. Experimental results of our fuzz framework are quite encouraging. We have run it over 12 real-world RTF Editors (including Webmail, Blog, Markdown editor, etc.) and found vulnerabilities in 8 of them. We have responsibly reported our findings to the respective developers of the editors.

Details

ISBN :
978-3-319-61541-7
ISBNs :
9783319615417
Database :
OpenAIRE
Journal :
Innovative Mobile and Internet Services in Ubiquitous Computing ISBN: 9783319615417, IMIS
Accession number :
edsair.doi...........fe694a75539b8cedabb1265dd7861cd5