ListMyTabs, a Google Chrome extension, which as you guessed lists all the open tabs/windows you have open by their title. So it takes whats ever in the title tags and pushes it on the list which is where our XSS comes from. If you goto a evil page with something like [img src="" onerror="alert('xss')"] in its title tags and you click ListMyTabs's browser action button we get a little alert box that says xss.
Not much of a blog post i know, but it was fun wasn't it?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment