If you use Google chrome version 0.2.149.27-30, please upgrade to the recent one.
Regards,
Google Chrome MetaCharacter URI Obfuscation Vulnerability
------------------------------------------------------------------------
SUMMARY
Google chrome is vulnerable to URI Obfuscation vulnerability. An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.
DETAILS
Vulnerable Systems:
* Chrome version 0.2.149.30
* Chrome version 0.2.149.29
* Chrome version 0.2.149.27
Proof of Concept:
Link1: ftp://anoymous:guest@microsoft.com
Link2: [Without NULL] | http://www.google.com@yahoo.com | [Google --> Yahoo [Obfuscation]]
Link3: http://www.secniche.org%00@www.milw0rm.com [With NULL] SecNiche --> Milw0rm [Obfuscation]
'Hacking' 카테고리의 다른 글
| Creating a Computer Security Incident Response Team: A Process for Getting Started (0) | 2008.11.29 |
|---|---|
| Overview of U.S. Federal Laws (0) | 2008.11.26 |
| Manually Unpacking a Morphine-Packed DLL with OllyDbg (1) | 2008.11.23 |
| Dynamic-Link Library Creation (0) | 2008.11.21 |
| Comercial Vulnerability Alerts (0) | 2008.11.21 |
