![]() Nothing awesome happened except the file being shared.īut then, I clicked the Share-link on the entry.īAM! The title of the entry was not escaped correctly and I was able to get the Stored XSS triggered. I selected the file that I synced to Dropbox, it was called: '">.txt and shared it. Nice! I created a group, and found the connection using the “Add File” icon on the Group wall: “Dropbox has teamed up with Facebook so that you can do cool things like add files from Dropbox to your Facebook groups or send shared folder invitations to your Facebook friends.” It turned out that they had a pretty nice function going on there: I noticed their Facebook-connection and got curious on how it worked. As I was testing out this stuff on Dropbox, I also tried to figure out how this issue could be connected with other services. I reported these issues to Dropbox, they patched it really fast and I was placed on their Special Thanks page for the responsible disclosure. Using this method I was able to find two issues with their notification messages showing unescaped filenames. If you tried to rename a file to for example:īut, if you instead, connected a local directory, created a file there and synced it, you got it inside Dropbox without any problems. I noticed that when using their web interface there were some restrictions on what filenames that were allowed. I was actually working on finding flaws on Dropbox to begin with. If you want to know how an XSS could be exploited, you can read my colleague Mathias’ blog post about it. ![]() ![]() I recently found a Stored XSS on Facebook, which resulted in a Bug Bounty Reward. Find out how our Security Researcher Frans Rosén hacked Facebook and found a stored XSS for which he received a bug bounty reward. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |