Security: Cross-Site Scripting XSS in Google Chrome
Reported by
marwannh...@gmail.com,
Jul 20 2016
Issue description
Chrome Version : version 51.0.2704.103
URLs (if applicable) :
Other browsers tested:
Firefox: OK
IE: fail
Steps to reproduce the problem:
(1) Open Google Chrome.
(2) Then go to this link:
data:text/html;script,"><script>alert('xss by marwan')</script>
What is the expected result? What happens instead?
As you can see, my name (xss by marwan) that we have given in parentheses is displayed, and this is proof that the application is infected with a vulnerability.
Additional information below. Attach a screenshot:
google.PNG
Jul 20 2016
The ability to put data:text/html into the address bar is intended behavior, so I'm not sure I see how this is a UXSS attack.
Jul 20 2016
I'd also like to take this opportunity to clear up a small confusion in the mind of the reporter: The ability to display your name from JS does not imply that the application is infected. The X in XSS stands for cross, which means that you need to be able to execute JS in another domain. Hence, when reporting XSS, always do alert(document.domain). Had you done so in this case, you might have realized that data: URLs have unique origins, and hence the JS was not executing cross-domain.
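The origin point made in the comment above, as an added example that is not part of the original thread or of Chromium's code: a triage-style same-origin check built on the WHATWG `URL` class, showing that the reported `data:` URL has an opaque origin and why comparing serialized origins as strings gets this case wrong. The function names and the `https://www.example.com/` victim URL are assumptions made for illustration.

```javascript
// Added example (not from the original report). Uses only the WHATWG URL
// class, which is a global in browsers and in Node.js.

// The PoC URL exactly as given in the report.
const REPORTED_POC =
  "data:text/html;script,\"><script>alert('xss by marwan')</script>";
// Constructed placeholder for "some other site"; the report names no victim.
const CLAIMED_VICTIM = "https://www.example.com/";

// Classify a URL's origin. Schemes such as data: have no
// scheme/host/port tuple; the URL standard serializes their opaque
// origin as the literal string "null".
function originOf(urlString) {
  const serialized = new URL(urlString).origin;
  if (serialized === "null") return { opaque: true, tuple: null };
  return { opaque: false, tuple: serialized };
}

// Same-origin check for two separately loaded documents. Each load of a
// data: URL gets a fresh opaque origin, so an opaque origin never matches
// another document's origin, even when both URLs are identical.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  if (a.opaque || b.opaque) return false;
  return a.tuple === b.tuple;
}

// Naive check, shown for contrast: comparing serialized origins treats
// every opaque origin as equal because they all serialize to "null".
function naiveSameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Triage question for an XSS report: does script delivered by the PoC URL
// run in the origin the report claims is affected?
function pocRunsInOrigin(pocUrl, claimedVictimUrl) {
  return sameOrigin(pocUrl, claimedVictimUrl);
}

console.log("PoC origin:", new URL(REPORTED_POC).origin);
console.log("runs in claimed origin:",
  pocRunsInOrigin(REPORTED_POC, CLAIMED_VICTIM));
```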
Jul 25 2016
Oct 27 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot