另外,我们还发现,其它的Google服务端也会受到该XSS漏洞影响:
(document.cookie)
漏洞修复
漏洞修复很简单,只需要在上述JS中增加一行代码 0 != d.indexOf("http") && window.close(),判断URL的location hash(即#后面开始的字段)是否以http开头,不是则直接关闭窗口,就能消除漏洞。
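(function() {
  // Builds a hidden form from the URL fragment and submits it.
  // Fragment shape, as the parsing below expects it:
  //   #<action-url>&<name>=<value>&<name>=<value>...
  // The action URL is accepted only if it carries an http or https
  // scheme; any other scheme (e.g. javascript:) aborts the script.
  var form = window.document.forms[0];
  var fragment = location.hash.substr(1);
  if (!fragment) {
    window.close();
    // window.close() does not halt execution (and may be refused when the
    // window was not opened by script), so bail out explicitly rather than
    // fall through to the form submission below.
    return;
  }
  var parts = fragment.split("&");
  var action = decodeURIComponent(parts[0]);
  // An anchored scheme test instead of indexOf("http") === 0: only a real
  // http:/https: scheme passes, not an arbitrary string starting with "http".
  if (!/^https?:/i.test(action)) {
    window.close();
    return;
  }
  form.action = action;
  for (var i = 1; i < parts.length; i++) {
    var pair = parts[i];
    var eq = pair.indexOf("=");
    // Split on the first "=" only, so a value containing "=" is kept whole;
    // a field with no "=" gets an empty value instead of the string
    // "undefined" that decodeURIComponent(undefined) would produce.
    var name = eq === -1 ? pair : pair.slice(0, eq);
    var rawValue = eq === -1 ? "" : pair.slice(eq + 1);
    var input = document.createElement("input");
    input.type = "hidden";
    input.name = name;
    input.value = decodeURIComponent(rawValue);
    form.appendChild(input);
  }
  form.submit();
}).call(this);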
漏洞上报和处理进程
2019.12.27 漏洞上报
2019.12.27 漏洞分类
2020.1.8 Google修复漏洞
2020.1.8 Google发放赏金$5000