September 30, 2023

Vulnerabilities existed in Google Cloud, DevSite, and Google Play could have allowed attackers to achieve cross-site scripting attacks, opening the door to account hijacks. These discoveries made researcher to earn $3,133.70 for the DevSite issue and $5,000 for the vulnerability in Google Play.

The first vulnerability is a reflected XSS bug in Google DevSite. An attacker-controlled link could run JavaScript on the origins http://cloud.google.com and http://developers.google.com, meaning a malicious actor could read and modify its contents, bypassing the same-origin policy.

Due to a vulnerability in the server-side implementation of <devsite-language-selector> part of the URL was reflected as html, so it was possible to get XSS on the origins using that component from the 404 page.

Advertisements

The second vulnerability is a DOM-based XSS on Google Play. DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval() or innerHTML.

This enables attackers to execute malicious JavaScript, which typically allows them to hijack other users’ accounts.

Getting an error was simple as doing /?search=& and because window.location includes the hash which never encodes ‘ it’s possible to escape the href context and set other html attributes. Unlike the DevSite XSS this is prevented by the CSP but was still awarded more by the panel.

Tags:

Leave a Reply

You may have missed

Johnson Controls Ransomware Attack

September 30, 2023

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023
%d bloggers like this: