Bug in Maps leading to XSS attack
Bug in Maps leading to XSS attack

Google has rewarded a security researcher of about $10,000 for spotting bugs in its Maps platform. The bug spotted by the reporter is the export function of Maps service, which could be tricked by an attacker to inject a malicious code with a newly created map and run a cross-site scripting attack on target’s system.

Bug in Google Maps May Trigger XSS Attack

Google rewards anyone who spots a bug in any of its products or services under its Vulnerability Rewards Program (VRP). So far, it has rewarded reporters for various bugs, with the amount reaching to $6.5 million in 2019 alone. And now, it has awarded a reporter called Zohar Shachar, the security head at Wix.com for pointing a bug in its Maps platform.

In a blog post, he described the vulnerability exists in how the Maps handles the export function while creating and saving a map. He found that Google saves a newly created map in various formats, where KML is one, that uses a tag-based structure based on the XML standard.

This format’s map name is set in an open CDATA tag, and this code is “not rendered by the browser.” Considering this, he added special characters to the CDATA tag like “]]>,” which bypasses the tag checking and let him include an arbitrary XML content along with the name. Saving this and sharing the link of the newly created map to target could put him at an XSS risk since he loads the malicious contented map.

He was awarded about $5,000 for reporting this bug, where Google released a fix for this on June 7th. But that’s not the end. Shachar found that Google has just included a new CDATA tag to close the original flawed tag, which could still be exploited with two closed CDATA tags to inject malicious code. After reporting the faulted fix, he was rewarded yet again of the same amount, making the total payout to $10,000.

Other Trending News:-  News


Please enter your comment!
Please enter your name here