Security: xss filter bypass in chrome
Reported by
0x0a1...@gmail.com,
Dec 2 2017
Issue description

Hello, I represent ismail.pw, my personal site. I found an XSS filter bypass in Chrome.

a) Steps to reproduce the vulnerability: on any WP site, create a new post and give it the title "/>'>/"><img src=1 onerror=prompt(document.domain);> and add the URL link "/>'>/"><img src=1 onerror=prompt(document.domain);> and visit this link; see the XSS filter bypass in Chrome.

VULNERABILITY DETAILS
XSS filter bypass in Chrome.

VERSION
Chrome Version: 62.0.3202.94 (Official Build) (64-bit)
Operating System: [win 8]
Client ID (if relevant): [see link above]
Dec 2 2017
This looks like a Stored XSS vulnerability (rather than a Reflected XSS attack) which would be out of scope for what the XSS Auditor attempts to protect against.
Dec 3 2017
I looked at the repro in #1 and have confirmed that this is a Stored XSS vulnerability in the website, not a Reflected XSS vulnerability. Browser-side XSS filtering (e.g. Microsoft's XSS Filter, Chrome's XSS Auditor) has no way to prevent Stored XSS, only Reflected XSS, and thus this is out of scope for those features. The vulnerability in the website would need to be fixed by the owners of the website. https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Are-XSS-filter-bypasses-considered-security-bugs-
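An added illustration of the distinction drawn in this comment (example code, not Chromium's XSS Auditor and not the website's code): a simplified request-versus-response comparison of the kind a reflected-XSS filter relies on, run against a reflected echo and against the stored post title from the report, followed by the output encoding the site itself would need. The check and the page templates are assumptions for illustration, not Chrome's actual algorithm.

```javascript
// Constructed input: the same string the reporter used as the post title.
const PAYLOAD = `"/>'>/"><img src=1 onerror=prompt(document.domain);>`;

// Assumed model of a reflected-XSS filter: flag a response only when markup-like
// request input reappears verbatim in the response. Real filters work on parsed
// tokens, but the essential dependency on the *request* is the same.
function reflectedXssSuspected(requestParams, responseHtml) {
  for (const value of Object.values(requestParams)) {
    if (value.length >= 8 && /<[a-z]/i.test(value) && responseHtml.includes(value)) {
      return true;
    }
  }
  return false;
}

// Minimal HTML escaping for text nodes and double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Case 1: reflected. The search term echoed unescaped into the page arrived in
// this very request, so the request/response comparison has something to match.
function reflectedCase() {
  const params = { q: PAYLOAD };
  const html = `<p>Results for: ${params.q}</p>`;
  return reflectedXssSuspected(params, html);
}

// Case 2: stored. The title was saved in an earlier request; the request that
// later renders the post carries only a post id, so the same check has nothing
// to compare against and stays silent. This is the situation in the report.
function storedCase(storedTitle) {
  const params = { p: '42' };
  const html = `<h1 class="entry-title"><a href="/post/42">${storedTitle}</a></h1>`;
  return reflectedXssSuspected(params, html);
}

// The website-side fix: encode on output so the stored title renders as text.
function storedCaseEscaped(storedTitle) {
  const safe = escapeHtml(storedTitle);
  const html = `<h1 class="entry-title"><a href="/post/42">${safe}</a></h1>`;
  return { html, suspected: reflectedXssSuspected({ p: '42' }, html), containsImgTag: /<img/i.test(html) };
}
```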
Comment 1 by 0x0a1...@gmail.com, Dec 2 2017