Watching this talk by Amy Burnett I realized that I never really considered the abuse potential of service workers. I’ve seen plenty of JavaScript files reflecting query parameters, typically JSONP endpoints. And I considered these non-exploitable.

youtube.com/watch?v=a0yPYpmUpI

Follow

But any JS file that you can smuggle an importScripts call into is a potential service worker. You still need reflected XSS to register it, but severity increases drastically. A service worker can mess with any URL in its directory, and it persists even after a browser restart.

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.