F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

kohli9harjeev's avatar
kohli9harjeev
Icon for Nimbostratus rankNimbostratus
Mar 30, 2017

Protection of XSSJacking

Hi Guys   New Attack Called “XSSJacking” Discovered That Combined of Clickjacking, Pastejacking and Self-XSS Attacks   Does anyone knows any resolution to this vulnerability using ASM ? Or Prot...
application delivery
ASM Advanced WAF
BIG-IP
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Apr 02, 2017

PasteJacking is a CLIENT-side attack where malicious site tricks the user to copy some text, then the malicious JavaScript code replaces the contents of the copied text in the clipboard with a malicious XSS payloads.The malicious site then ASKs the user to paste it. Because it is a CLIENT-side attack starting on a MALICIOUS site (not protected by ASM) Pastejacking cannot be stopped as it happens in memory of user's BROWSER. However when the user pastes the XSS payload to a legitimate site (protected by ASM) ASM will DETECT the XSS in the input (provided the policy is configured correctly to detect and block XSS).