New Years Resolution: Start blogging again. Here goes nothing…
It all started with this great blog post I saw on the front page of Hacker News. Its about exploiting and responsibly disclosing a XSS bug to both Dropbox and Facebook. Its a quick read, so check it out.
I thought to myself… hmm maybe this same attack vector can be exploited in a similar service.
I tried a similar attack with Google Drive. It didn’t look promising. Ok.. lets try box.net First, I tried to create a file with the name
'"><img src='http://blog.jordanschau.com/x' onerror=alert(document.cookie)>.jpeg in their web interface. Their response was:
So my next option was to upload a file from my local drive and sure enough, when I uploaded my file
'"><img src='http://blog.jordanschau.com/x' onerror=alert(document.cookie)>.jpeg I was alerted with my cookie!
This might not be the most useful XSS vector for an attacker but it was good enough.
I responsibly disclosed the XSS vulnerability and they gave me some free storage!