18-08-2015 / Vulnerabilities

Bypass ScriptBlock using Google Cloud Storage

Recently I read Detectify Labs post about Using Google Cloud to Bypass NoScript.

So I try to test this method on ScriptBlock plugin for Chrome.

googleapis.com domain is whitelisted by default.

File: common\config.js

whitelist: ["google.com", "google.ca", "google.co.uk", "google.de", "google.com.au", "googleapis.com", "gstatic.com", "youtube.com", "ytimg.com",
			"live.com", "microsoft.com", "hotmail.com", "apple.com", "yahoo.com", "yahooapis.com", "yimg.com", "paypal.com", "paypalobjects.com"]

Proof of Concept

Use Google Cloud Storage for storing files which bypass ScriptBlock. For example this one created by Mathias Karlsson.

https://avlidienbrunn.storage.googleapis.com/lol.html

Timeline

07-07-2015: Discovered
07-07-2015: Vendor notified
08-08-2015: New version released, issue resolved

Vulnerabilities

Kallithea <= 0.3.4 Incorrect access control and XSS

This vulnerability allows a normal user to modify the permissions of repositories that he normally shouldn’t have access to.

12-12-2018

2 MIN READ

Vulnerabilities

Gitea 1.4.0 Unauthenticated Remote Code Execution

This is part 1 of 3 about bugs inside Gitea

05-07-2018

5 MIN READ

Vulnerabilities

ManageEngine Exchange Reporter Plus Unauthenticated Remote Code Execution

How to create a Metasploit module in example?

28-06-2018

1 MIN READ