Security: Spoofing address bar with an active <select> drop down menu
Reported by
larawe...@gmail.com,
Apr 28 2017
Issue description

If you set the size of "select" to more than 1000 =>, the drop-down menu will go to the address bar. An attacker can replace the contents of the address bar or perform a click-clicking attack.

Steps to reproduce the problem:
1. Go to https://laraweron.mysit.ru/start.html
2. click link
3. pay attention to the address bar

Works in all versions (Desktop Windows)
Apr 28 2017
I couldn't get this to repro in Chrome 60.3082 on Windows (the select appears at the bottom of the window), but based on the description, I believe this is the same as Issue 670265.
Apr 28 2017
Error playing in the current version of Google Chrome (58 for Windows)
Apr 28 2017
I can't reproduce this in 58 for Windows; I get the same result as #2. Also, how would this result in clickjacking? It seems like just a location bar spoof.
May 5 2017
Yes indeed, clickjacking will not work. But I'm not sure that this is a duplicate of the error 670265. Error 670265 uses the space method (<br>) and spoofing the attack cannot be reproduced. In my example, the error arises because of the large size of the "height" of the "select" element, so it is possible to spoof the attack.
Aug 5 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by larawe...@gmail.com, Apr 28 2017