{"id":34479,"date":"2022-12-06T20:20:49","date_gmt":"2022-12-06T17:20:49","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/170113\/GS20221206160703.txt"},"modified":"2022-12-12T11:09:01","modified_gmt":"2022-12-12T07:39:01","slug":"evernote-web-clipper-same-origin-policy-bypass","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/evernote-web-clipper-same-origin-policy-bypass\/","title":{"rendered":"Evernote Web Clipper Same-Origin Policy Bypass"},"content":{"rendered":"

evernote: extension allows cross-origin iframe communication<\/p>\n

I happened to notice that the Evernote Web Clipper (3,000,000+ users) allows any website to bypass the same origin policy.<\/p>\n

https:\/\/chrome.google.com\/webstore\/detail\/evernote-web-clipper\/pioclpoplcdbaefihamjohnefbikjilc<\/p>\n

If you send a message like window.postMessage({type: \\”EN_request\\”, name: \\”EN_SerializeTo\\”, data: { frameName: id }), the frame DOM is collected and then posted back to the top window.<\/p>\n

I made a quick demo exploit: https:\/\/lock.cmpxchg8b.com\/oov6Wahv.html<\/p>\n

I notice the evernote website requests that all vulnerabilities are submitted via HackerOne, but I’m unwilling to do that.<\/p>\n

https:\/\/evernote.com\/security\/report-issue<\/p>\n

I’ll send a report to the Chrome Webstore policy team instead, who can handle contacting the registered developer.<\/p>\n

Found by: taviso@google.com<\/p>\n","protected":false},"excerpt":{"rendered":"

evernote: extension allows cross-origin iframe communication I happened to notice that the Evernote Web Clipper (3,000,000+ users) allows any website to bypass the same origin policy. https:\/\/chrome.google.com\/webstore\/detail\/evernote-web-clipper\/pioclpoplcdbaefihamjohnefbikjilc If you send a message like window.postMessage({type: \\”EN_request\\”, name: \\”EN_SerializeTo\\”, data: { frameName: id }), the frame DOM is collected and then posted back to the top window. …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-34479","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=34479"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34479\/revisions"}],"predecessor-version":[{"id":34748,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34479\/revisions\/34748"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=34479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=34479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=34479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}