
Monday, December 12, 2011

The XSS hole I found in Google Analytics

So it looks like Google has patched this hole, so I'll run through what I did, where it was, and how they could have prevented it. It all comes down to one rule: sanitize all user inputs no matter what. This persistent XSS hole I found was in the protocol field... you can see how I was able to inject an unauthorized protocol for the site's profile.
The exposure of this attack was very minimal... they didn't validate the protocol against the list of options provided. Even though this has been fixed, I still have a profile that has Chrome's special protocol on the analytics of one of my extensions.

By using the Chrome developer inspector you can modify the option list and add any protocol you want, well, at least when it worked.
Now that they have fixed it, this is the message that the UI shows when you try to send the unsupported protocol.
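
The server-side check described above, sketched as an added example that is not part of the original post and is not Google's code. The allowed option list (`http://`, `https://`), the function names and the sample submissions are assumptions made for illustration.

```javascript
// Added example: validate the submitted protocol against the same option list
// the form offers, because the browser can send any value it likes.
// ALLOWED_PROTOCOLS, validateProfile and renderProfileLink are hypothetical names.
const ALLOWED_PROTOCOLS = new Set(["http://", "https://"]); // assumed option list

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hostname: dot-separated labels of letters, digits and hyphens, 253 chars max.
const HOST_RE = /^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i;

// Check what was actually sent, not what the <select> element displayed.
function validateProfile(form) {
  const errors = [];
  const protocol = typeof form.protocol === "string" ? form.protocol : "";
  const host = typeof form.host === "string" ? form.host.trim() : "";
  if (!ALLOWED_PROTOCOLS.has(protocol)) errors.push("unsupported protocol");
  if (!HOST_RE.test(host)) errors.push("invalid host");
  return errors.length
    ? { ok: false, errors }
    : { ok: true, profile: { protocol, host } };
}

// Defence in depth: encode on output too, so a value stored before the
// validation existed cannot break out of the attribute or the element.
function renderProfileLink(profile) {
  const url = escapeHtml(profile.protocol + profile.host);
  return `<a href="${url}">${url}</a>`;
}

// Constructed sample submissions: one from the untouched form, one where the
// option list was edited in the developer inspector before submitting.
const samples = [
  { protocol: "https://", host: "example.com" },
  { protocol: "chrome-extension://", host: "example.com" },
];
for (const form of samples) {
  const result = validateProfile(form);
  console.log(form.protocol, "->", result.ok ? renderProfileLink(result.profile) : result.errors.join(", "));
}
```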
