mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 01:56:40 +02:00
CVE-2018-19335
Description
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
POC
Reference
- https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549
- https://www.reddit.com/r/netsec/comments/9yiidf/xssearching_googles_bug_tracker_to_find_out/ea2i7wz/
Github
No PoCs found on GitHub currently.