This repository has been archived by the owner on May 25, 2021. It is now read-only.

Validate origin in message listener #1030

Merged
merged 1 commit into from
Mar 20, 2017

Contributor

@Raz0r Raz0r commented Mar 20, 2017

Hi!

Augury does not validate the message origin in its event listener, which allows attackers to post arbitrary messages to target pages. What is even worse is that data serialization in messages used by the extension is basically evaluation of JavaScript, which makes it possible to gain XSS on any website, provided that a user has installed the extension.

PoC:

```js
targetWindow.postMessage({
	messageSource: 'AUGURY_INSPECTED_APPLICATION',
	messageType: 1,
	serialize: 2,
	content: 'alert(1)'
}, '*')
```

@mention-bot

@Raz0r, thanks! @clbond, please review this.

@stevenkampen
Contributor

@Raz0r Thank you for catching this. We'll do a release right now.
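
A hardened `message` listener for the issue described in the first comment, as an added example that is not part of this pull request or Augury's own code. The field names come from the PoC above; `ALLOWED_TYPES`, `createMessageListener`, the `https://app.example` origin and the sample events are assumptions constructed for illustration.

```javascript
// Added example, not Augury's code. Field names (messageSource, messageType,
// content) are taken from the PoC in the thread; everything else is hypothetical.
const EXPECTED_TAG = 'AUGURY_INSPECTED_APPLICATION';
const ALLOWED_TYPES = new Set([0, 1, 2]); // hypothetical allowlist of message types

function createMessageListener({ trustedOrigin, trustedWindow, onMessage }) {
  return function listener(event) {
    // 1. Origin: exact match against one known origin, never a prefix or regex test.
    if (event.origin !== trustedOrigin) return 'rejected:origin';
    // 2. Sender: the message must come from the window we expect to talk to.
    if (event.source !== trustedWindow) return 'rejected:source';
    // 3. Shape: validate every field before using it.
    const msg = event.data;
    if (msg === null || typeof msg !== 'object') return 'rejected:shape';
    if (msg.messageSource !== EXPECTED_TAG) return 'rejected:tag';
    if (!ALLOWED_TYPES.has(msg.messageType)) return 'rejected:type';
    if (typeof msg.content !== 'string') return 'rejected:content';
    // 4. Decode content as data only. JSON.parse never executes code,
    //    unlike eval() or new Function() based deserialization.
    let payload;
    try { payload = JSON.parse(msg.content); } catch (_) { return 'rejected:parse'; }
    onMessage(msg.messageType, payload);
    return 'accepted';
  };
}

// Constructed sample events standing in for browser MessageEvent objects.
function demo() {
  const pageWindow = {}, otherWindow = {};
  const received = [];
  const listener = createMessageListener({
    trustedOrigin: 'https://app.example',
    trustedWindow: pageWindow,
    onMessage: (type, payload) => received.push({ type, payload }),
  });
  const poc = { messageSource: EXPECTED_TAG, messageType: 1, serialize: 2, content: 'alert(1)' };
  const good = { messageSource: EXPECTED_TAG, messageType: 1, content: '{"id":7}' };
  return {
    crossOrigin: listener({ origin: 'https://evil.example', source: otherWindow, data: poc }),
    wrongWindow: listener({ origin: 'https://app.example', source: otherWindow, data: good }),
    codeAsContent: listener({ origin: 'https://app.example', source: pageWindow, data: poc }),
    legit: listener({ origin: 'https://app.example', source: pageWindow, data: good }),
    received,
  };
}
// In a browser: window.addEventListener('message', createMessageListener({...}));
```

The origin and source checks stop messages from other origins and windows; decoding with `JSON.parse` means a message that does pass those checks still cannot carry executable code.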
