Data center: Ashburn, VA

Telegram Chat : MBHH_x86

Email Us: Help@mobilehackerforhire.com

Telegram Medium
Mobile Hacker For Hire, hire a hacker, hiring a hacker, hacker with proof
Hire a hacker

Evernote Web Clipper Same-Origin Policy Bypass ≈ Packet Storm

#1 Mobile Hacker For Hire > Blog > Uncategorized > Evernote Web Clipper Same-Origin Policy Bypass ≈ Packet Storm

Table of Contents

evernote: extension allows cross-origin iframe communication

I happened to notice that the Evernote Web Clipper (3,000,000+ users) allows any website to bypass the same origin policy.

https://chrome.google.com/webstore/detail/evernote-web-clipper/pioclpoplcdbaefihamjohnefbikjilc

If you send a message like window.postMessage({type: “EN_request”, name: “EN_SerializeTo”, data: { frameName: id }), the frame DOM is collected and then posted back to the top window.

I made a quick demo exploit: https://lock.cmpxchg8b.com/oov6Wahv.html

I notice the evernote website requests that all vulnerabilities are submitted via HackerOne, but I’m unwilling to do that.

https://evernote.com/security/report-issue

I’ll send a report to the Chrome Webstore policy team instead, who can handle contacting the registered developer.

Found by: taviso@google.com

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Uncategorized
Catpops Technobiz CMS 4.0 Cross Site Scripting
Posted on
Uncategorized
ABUS Security Camera LFI, RCE and SSH Root
Posted on
Uncategorized
Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666
Posted on

©2022. Mobile Hacker For Hire. All Rights Reserved.

help@mobilehackerforhire.com

error: Content is protected !!