Security: JavaScript runs in Data URLs
Reported by
wawawawa...@gmail.com,
Apr 13 2017
Issue description
Hello Google,
I am writing this short message to report a vuln in the Chrome browser. The attacker can inject HTML code or JavaScript (example: payload).
This is a reflected XSS, HTML injection, open redirection...
The bug:
data:text/html,Xxxxxxx
Xxxxxxx: the HTML or JavaScript code...
Example of open redirection:
Xxxxx: location.replace("https://google.com")
Thank you,
Zakariaa
Apr 13 2017
This is working as intended. Data URLs are used to serve markup, including JavaScript. This is not, in itself, a security vulnerability.
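Because data: URLs carry markup by design, a filter that wants to treat such links specially (for example in a mail or chat link scanner) has to parse the URL rather than match the literal string `data:text/html`. The following is an added example, not part of the original thread and not Chromium code; the function names and the `ACTIVE_TYPES` list are assumptions made for this sketch.

```javascript
// Added example: classify a link by whether a browser would render it as
// script-capable markup. Names and the type list are illustrative assumptions.
const ACTIVE_TYPES = new Set([
  "text/html",
  "application/xhtml+xml",
  "image/svg+xml",
  "text/xml",
  "application/xml",
]);

// Parse a data: URL following RFC 2397: data:[<mediatype>][;base64],<data>
function parseDataUrl(href) {
  // Approximate the URL parser: drop surrounding whitespace and any
  // embedded tab or newline characters before looking at the scheme.
  const cleaned = href.trim().replace(/[\t\n\r]/g, "");
  // The scheme is case-insensitive; the header ends at the first comma.
  const m = /^data:([^,]*),([\s\S]*)$/i.exec(cleaned);
  if (!m) return null;
  const params = m[1].split(";").map((p) => p.trim().toLowerCase());
  const isBase64 = params.length > 1 && params[params.length - 1] === "base64";
  // An omitted media type defaults to text/plain (RFC 2397).
  const mediaType = params[0] || "text/plain";
  return { mediaType, isBase64, payload: m[2] };
}

// Return a verdict a link filter can act on (warn, strip, or show as text).
function classifyLink(href) {
  const parsed = parseDataUrl(href);
  if (!parsed) return { verdict: "not-data-url" };
  const active = ACTIVE_TYPES.has(parsed.mediaType);
  return {
    verdict: active ? "active-markup" : "inert",
    mediaType: parsed.mediaType,
  };
}

// Constructed sample inputs, the first taken from the report above.
const samples = [
  'data:text/html,location.replace("https://google.com")',
  "DATA:Text/HTML;charset=utf-8;base64,PGI+",
  "data:,hello",
  "https://google.com",
];
for (const s of samples) console.log(classifyLink(s).verdict, "<-", s);
```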
Apr 14 2017
But wait, I send you this link:
data:text/html,location.replace("https://google.com")
You will click on it and you will be redirected to google.com.
No warnings, no error :D
My question: why isn't it a bug? It can be exploited directly.
I can execute a scam
like this:
data:text/html, and the HTML source code
Try to send it to someone.
Apr 15 2017
Maybe it runs in a data URL, but I can exploit this running :D I can use it to make the victim download a payload or anything, or redirect him, or inject a scam :)... I hope you understand, it's a dangerous bug.
2017-04-13 15:39 GMT+01:00 elawre… via monorail <monorail+v2.271331812@chromium.org>:
Comment 1 by wawawawa...@gmail.com, Apr 13 2017