Chrome / firefox / ie render incorrect ‍ + \ with charset GBK lead to xss
Reported by unkowndo...@gmail.com, Feb 5 2017
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. view http://localhost/test.php?xss=111%E2%80%8D%22;alert(0);//

test.php
_____________________________
<?php
$xss = $_GET['xss'];
$xss = str_replace('"', '\"', $xss);
$xss = str_replace("'", "\'", $xss);
?>
<html>
<head>
<!-- <meta http-equiv="content-type" content="text/html;charset=utf-8"> -->
<meta http-equiv="content-type" content="text/html;charset=GBK">
<title>test</title>
<script>
console.log(document.charset)
</script>
<script>
a = "<?php echo $xss;?>"
console.log(a)
</script>
</head>
</html>

What is the expected behavior?
expected " replace \"

What went wrong?
replace \" bypassed

Did this work before? N/A

Chrome version: 56.0.2924.87  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0
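
Why the `\"` replacement stops protecting the string once the page is declared as GBK, as an added example that is not part of the original report: the sketch models test.php's escaping in Python and decodes the emitted bytes under both charsets, next to an ASCII-only escaping variant. All function names are hypothetical, and the hardened variant assumes the input is UTF-8.

```python
# Added illustration (not from the report): models test.php's escaping in Python.
from urllib.parse import unquote_to_bytes

# Query value taken from the report's reproduction URL.
REPORT_PARAM = "111%E2%80%8D%22;alert(0);//"


def naive_escape(raw: bytes) -> bytes:
    """Byte-wise equivalent of test.php's two str_replace() calls."""
    return raw.replace(b'"', b'\\"').replace(b"'", b"\\'")


def ascii_js_escape(raw: bytes, source_charset: str = "utf-8") -> bytes:
    """Hardened variant (assumption: input is UTF-8). Emits ASCII bytes only,
    so the literal parses the same under any ASCII-compatible page charset.
    Invalid input raises UnicodeDecodeError and should be rejected."""
    out = []
    for ch in raw.decode(source_charset):
        cp = ord(ch)
        if cp < 0x80 and ch.isalnum():
            out.append(ch)
        elif cp <= 0xFFFF:
            out.append(f"\\u{cp:04x}")
        else:  # astral code point: write it as a UTF-16 surrogate pair
            cp -= 0x10000
            out.append(f"\\u{0xD800 + (cp >> 10):04x}\\u{0xDC00 + (cp & 0x3FF):04x}")
    return "".join(out).encode("ascii")


def string_terminated_early(body: bytes, page_charset: str) -> bool:
    """Decode the literal's body with the page charset and report whether an
    unescaped double quote (one that would close the JS string) remains."""
    escaped = False
    for ch in body.decode(page_charset):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            return True
    return False
```

Under GBK the trailing UTF-8 byte 0x8D pairs with the inserted 0x5C to form a single two-byte character, so the quote that follows is no longer preceded by a backslash. Declaring the charset the bytes are actually in (the commented-out UTF-8 meta tag) removes the mismatch.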

May 15 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by dominickn@chromium.org, Feb 6 2017
Owner: tsepez@chromium.org
Status: WontFix (was: Unconfirmed)