Security: XSS Stored in chrome://devtools/content/webconsole
Reported by
arnoldki...@gmail.com,
Jan 12 2018
Issue description

VULNERABILITY DETAILS

Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk. A successful cross site scripting attack can have devastating consequences for an online business's reputation and its relationship with its clients. Depending on the severity of the attack, user accounts may be compromised, Trojan horse programs activated and page content modified, misleading users into willingly surrendering their private data. Finally, session cookies could be revealed, enabling a perpetrator to impersonate valid users and abuse their private accounts.

Cross site scripting attacks can be broken down into two types: stored and reflected. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser. The script is embedded into a link, and is only activated once that link is clicked on.

VERSION

Firefox 52
Operating System: [linux]

REPRODUCTION CASE

1. Go to: https://gsuite.google.com/signup/basic/business
2. Open Inspect Element and go to the Security tab
3. error function _.Wd, /_/scs/admin-static/_/js/k=boq-dasher.DasherSignupUi.en.iB8FE9aInYY.O/m=_b,_tp/am=gMA/rt=j/d=1/excm= line 96
4. Open google.com///_/scs/admin-static/_/js/k=boq-dasher.DasherSignupUi.en.iB8FE9aInYY.O/m=_b,_tp/am=gMA/rt=j/d=1/excm=welcomeview,_b,_tp/ed=1/rs=AOjztaHT2fgiRIg-jSuLqnG_TCDCjhsTCQ
5. View the attached file
Jan 12 2018
You mean a new report!
Jan 12 2018
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 12 2018
RE #2: The request is that you update this Issue with details of how to reproduce a problem in Google Chrome, whose bug tracker you have reported an issue to.
Jan 13 2018
I tested in Mozilla Firefox:

1. Go to: https://gsuite.google.com/signup/basic/business
2. Open Inspect Element and go to the Security tab
3. error function _.Wd, /_/scs/admin-static/_/js/k=boq-dasher.DasherSignupUi.en.iB8FE9aInYY.O/m=_b,_tp/am=gMA/rt=j/d=1/excm= line 96
4. Open google.com///_/scs/admin-static/_/js/k=boq-dasher.DasherSignupUi.en.iB8FE9aInYY.O/m=_b,_tp/am=gMA/rt=j/d=1/excm=welcomeview,_b,_tp/ed=1/rs=AOjztaHT2fgiRIg-jSuLqnG_TCDCjhsTCQ
Jan 13 2018
This is a bug tracker for Google Chrome. If you've found an issue that only reproduces in Firefox, you'll need to report that issue to Mozilla.
Jan 13 2018
Yes, but the bug is in chrome://devtools/content/webconsole and the XSS stored I tested in Mozilla Firefox.
Jan 13 2018
At this point, you haven't shown a bug in the Chrome devtools console. Could you either answer the questions asked in Comment #1 or include a screen-recording video demonstrating where you believe there to be a bug in Chrome? Thanks!
Jan 13 2018
Thanks for the comment. I think I sent two clear screenshots that show the vulnerability clearly, and the report is clear; I don't have to explain more. If you don't believe it is a bug in your system, that is your decision ...
Jan 14 2018
#10: as mentioned, if you have found a bug in Mozilla Firefox, you should report it to Firefox. I don't see how you could be opening chrome://devtools/content/webconsole when you're not running Chrome. We have no control over Firefox here. :) Please re-open if you can provide precise details of the chrome://devtools issue in Chrome itself. Thanks!
Apr 22 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Jan 12 2018