Page 81 - Hands-On Bug Hunting for Penetration Testers
Unsanitized Data – An XSS Case Study Chapter 4
XSS in Google Gruyere
This next part takes place on Google Gruyere, an XSS laboratory operated by Google that
explains different aspects of XSS alongside appropriately vulnerable form input.
Google Gruyere is loosely based on a social network, such as Instagram or Twitter, where
different users can share public snippets, much like the latter site's 280-word text blocks.
Beyond the obvious advertising of the service as being susceptible to XSS, there are small
pieces of text, similar to what you'd find in real applications, hinting at areas of
vulnerability. Any support for HTML in a specific form, even limited support, is always a chance that
the filters put in place by the site's developers to allow formatting markup, such
as <p></p>, <b></b>, and <br>, while keeping out scary stuff, such
as <script></script>, will fail to sanitize your specially crafted snippet.
Going through the submission form to create a New Snippet (after setting up an account),
we can probe the outer edges of the sanitizing process. Let's start with a script that
even the most naive filter should catch:
<script>alert()</script>
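To make concrete what a filter of the kind described above has to do, here is an added example (not code from the book and not Gruyere's own sanitizer) of an allowlist-based snippet sanitizer in Python. It assumes the snippet feature permits exactly the formatting tags named above, <p>, <b> and <br> (the ALLOWED_TAGS set is an assumption); every other tag is dropped, all attributes are discarded, and any text, including the body of a <script> element, is HTML-escaped so that it renders as literal text. Allowlisting is the defensive choice here: a filter that only looks for the one probe string above has to enumerate everything bad, whereas this one only has to enumerate the three things it permits.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the snippet feature only needs these formatting tags.
ALLOWED_TAGS = {"p", "b", "br"}
VOID_TAGS = {"br"}  # tags that never take a closing tag


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the input keeping only allowed, attribute-free tags.

    Every other tag is removed; its text content is still emitted,
    but escaped, so <script>alert()</script> becomes the literal
    text alert() rather than executable markup.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # output fragments
        self.open_tags = []  # stack of allowed tags currently open

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            # Attributes are dropped entirely, so an allowed tag can
            # never smuggle in an event handler or a javascript: URL.
            self.out.append(f"<{tag}>")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)
        # Disallowed tags are simply not emitted.

    def handle_startendtag(self, tag, attrs):
        if tag in ALLOWED_TAGS and tag in VOID_TAGS:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag in self.open_tags:
            # Close everything back to the matching tag so the output
            # stays balanced even when the input is mis-nested.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        # Text is always escaped; convert_charrefs=True has already
        # decoded entities, so escaping here cannot double-encode.
        self.out.append(escape(data, quote=True))

    def result(self):
        while self.open_tags:  # close anything the author left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_snippet(raw: str) -> str:
    """Return an allowlist-sanitized version of a user-supplied snippet."""
    parser = AllowlistSanitizer()
    parser.feed(raw)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed sample snippets, not real Gruyere submissions.
    for sample in (
        "<p>Hello <b>world</b><br>bye</p>",
        "<script>alert()</script>",
        '<b onmouseover="x">bold</b>',
        "<p><b>x</p></b>",
        "AT&amp;T",
    ):
        print(repr(sample), "->", repr(sanitize_snippet(sample)))
```

The same parser also shows why the filter must be structural rather than string-based: the probe above survives only as escaped text, and the allowed tags come back without any attributes, so the three formatting tags cannot be turned into an execution vector by decorating them.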