
Issue 894359


Issue metadata

Status: WontFix
Owner: ----
Closed: Oct 12
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Bypass XSSAudit - 4

Reported by qusai.al...@gmail.com, Oct 11

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. Go to this site
2. https://secure.rentalcars.com/FreeTextSearchResults.do?org.apache.struts.taglib.html.TOKEN=dd640bdd1d6dd6f0ddb1b6ceae151030&puSearchInput=1&puDay=%27-(confirm)(document.cookie)-%27%22%3E%3CSvg%20/

3. Popup will appear

What is the expected behavior?
Chrome should block such a request and block the XSS attack.

What went wrong?
Popup appears.

Did this work before? N/A 

Chrome version: 69.0.3497.100  Channel: stable
OS Version: 10.0
Flash Version:
 
ScreenCaptureProject3.mp4 (5.0 MB)
Labels: Needs-Triage-M69
Cc: vamshi.kommuri@chromium.org
Labels: Triaged-ET Needs-Feedback
Thanks for filing the issue!

Unable to reproduce the issue on reported chrome version 69.0.3497.100 using Windows 10 with the below mentioned steps.
1. Launched Chrome
2. Navigated to ecure.rentalcars.com/FreeTextSearchResults.do?org.apache.struts.taglib.html.TOKEN=dd640bdd1d6dd6f0ddb1b6ceae151030&puSearchInput=1&puDay=%27-(confirm)(document.cookie)-%27%22%3E%3CSvg%20/
Didn't see any pop-up.

@Reporter: Could you please check the same in a new profile without any apps & extensions and let us know if the issue still persists. Any further inputs from your end may be helpful.
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 12

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Here is the screenshot.
chrome-rent.png (56.7 KB)
Cc: bokan@chromium.org
Status: WontFix (was: Unconfirmed)
This looks like an issue with the site to me. The popup isn't a new page so the popup blocker doesn't apply - this is an alert box. Let me know if I'm missing something.
Yes, it is an alert from an XSS vulnerability. To be honest, this is my 5th report on Chrome XSSAudit, and whenever I report, you come out with something new, either duplicate or WontFix. To be honest, this is unfair!!!
Here is the site protection for the site itself; they are fully protected. Check attached.
chrome_xss_secure.png (39.0 KB)
Any update on this, please?
Perhaps I'm missing something here -- I don't know what XSSAudit is -- but why is this an issue in Chrome and not the site? Chrome doesn't alert when there's an XSS vulnerability and it's not clear to me that's even what's happening. The same behavior is observed when opening the page in Firefox so this is an issue with the page and not the browser.
From what I believe, Chrome should block any XSS attack, so simply how come this got bypassed?
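
The project member's comment above places the fix in the site rather than the browser. As an added example (not code from this report, from Chrome, or from the site), the following shows server-side handling of the reported `puDay` value: allow-list validation first, then output encoding matched to the context the value is written into. Assumptions: `puDay` is a day of month (1 to 31), the page does not show where the value is reflected, and all function names are hypothetical.

```python
import html
import json
from urllib.parse import parse_qs

# Tail of the query string from step 2 of the report (other parameters omitted).
REPORTED_QUERY = (
    "puSearchInput=1"
    "&puDay=%27-(confirm)(document.cookie)-%27%22%3E%3CSvg%20/"
)


def reported_value(query=REPORTED_QUERY, name="puDay"):
    """Return the URL-decoded parameter value as the server receives it."""
    return parse_qs(query, keep_blank_values=True)[name][0]


def validate_day(raw):
    """Allow-list check. Assumption: puDay is a day of month, 1-31.

    Returns the integer, or None so the caller can reject the request
    instead of reflecting the raw value into the response.
    """
    if raw.isascii() and raw.isdigit() and len(raw) <= 2 and 1 <= int(raw) <= 31:
        return int(raw)
    return None


def encode_for_html(raw):
    """Encode for HTML text or a quoted attribute value."""
    return html.escape(raw, quote=True)


def encode_for_js_string(raw):
    """Encode as a JS string literal placed inside an inline <script> block.

    json.dumps escapes double quotes and backslashes; the extra pass
    removes characters that could end the script element or a
    single-quoted string written by the template.
    """
    out = json.dumps(raw)
    for ch in "<>&'":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out


if __name__ == "__main__":
    value = reported_value()
    print("decoded  :", value)
    print("valid day:", validate_day(value))
    print("html     :", encode_for_html(value))
    print("js string:", encode_for_js_string(value))
```

Validation alone rejects the reported value; the encoders cover free-text parameters that cannot be restricted to an allow-list.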
