Bypass XSSAudit - 4
Reported by qusai.al...@gmail.com, Oct 11
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. Go to this site
2. https://secure.rentalcars.com/FreeTextSearchResults.do?org.apache.struts.taglib.html.TOKEN=dd640bdd1d6dd6f0ddb1b6ceae151030&puSearchInput=1&puDay=%27-(confirm)(document.cookie)-%27%22%3E%3CSvg%20/
3. Popup will appear

What is the expected behavior?
Chrome should block such a request and block the XSS attack.

What went wrong?
Popup appears.

Did this work before? N/A

Chrome version: 69.0.3497.100 Channel: stable
OS Version: 10.0
Flash Version:
Oct 12
Thanks for filing the issue! Unable to reproduce the issue on reported chrome version 69.0.3497.100 using Windows 10 with the below mentioned steps.
1. Launched Chrome
2. Navigated to ecure.rentalcars.com/FreeTextSearchResults.do?org.apache.struts.taglib.html.TOKEN=dd640bdd1d6dd6f0ddb1b6ceae151030&puSearchInput=1&puDay=%27-(confirm)(document.cookie)-%27%22%3E%3CSvg%20/
Didn't see any pop-up.
@Reporter: Could you please check the same in a new profile without any apps & extensions and let us know if the issue still persists. Any further inputs from your end may be helpful.
Oct 12
Hi, you are missing a char in the URL, that's why it shows wrong. Here is the one that you need to go to: https://secure.rentalcars.com/FreeTextSearchResults.do?org.apache.struts.taglib.html.TOKEN=dd640bdd1d6dd6f0ddb1b6ceae151030&puSearchInput=1&puDay=%27-(confirm)(document.cookie)-%27%22%3E%3CSvg%20/
Oct 12
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 12
Here is the screenshot.
Oct 12
This looks like an issue with the site to me. The popup isn't a new page so the popup blocker doesn't apply - this is an alert box. Let me know if I'm missing something.
Oct 13
Yes, it is an alert from an XSS vulnerability. To be honest, this is my 5th report on Chrome XSSAudit, and whenever I report, you come out with something new, either duplicate or wontfix... To be honest, this is unfair!!!
Oct 13
Here is the site protection for the site itself; they are fully protected. Check attached.
Oct 15
Any update on this, please?
Oct 15
Perhaps I'm missing something here -- I don't know what XSSAudit is -- but why is this an issue in Chrome and not the site? Chrome doesn't alert when there's an XSS vulnerability and it's not clear to me that's even what's happening. The same behavior is observed when opening the page in Firefox so this is an issue with the page and not the browser.
Oct 15
From what I believe, Chrome should block any XSS attack, so simply how come this got bypassed?
Comment 1 by susan.boorgula@chromium.org, Oct 11