Videos
Published on February 17th, 2016 📆 | 2423 Views ⚑
02016 002 Stored XSS in Google Sites
iSpeech
It possible to bypass the restriction on JavaScript execution in Google with article by embedding an "iframe" with a data and base64. The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. The affected resource is https://sites.google.com/isecauditorstest/ when you create/Edit a new article.
2016-02-17 10:37:27
source
Gloss