'MetaCharacter'에 해당되는 글 2건

  1. 2008.11.27 Google Chrome MetaCharacter URI obfuscation vulnerability. by CEOinIRVINE
  2. 2008.11.26 Google Chrome MetaCharacter URI Obfuscation by CEOinIRVINE

Google Chrome MetaCharacter URI obfuscation vulnerability.

Business 2008. 11. 27. 03:43
POC Google Chrome MetaCharacter URI Obfuscation Vulnerability.

Google Chrome MetaCharacter URI Obfuscation Vulnerability.

(C) SecNiche Security / Proof of Concept

By:- Aditya K Sood.

This POC has been designed with minimum object usage. This can be made more critical dependent on the object usage.

Check the Status Bar for Address Problem. Have a Look at the Source too.

The Indepth Concept of this Vulnerablility.

Look at POC.

Link1 : http://www.google.com%00@milw0rm.com

Link2 : http://www.google.com@yahoo.com

Link3 : ftp://anoymous:guest@microsoft.com

 Check the Status Bar for Address Problem,

Specifcally Tested on 0.4.154.25 [Latest]

Other Version Tested:

Official Build 1798
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.29 Safari/525.13

Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.30 Safari/525.13

'Business' 카테고리의 다른 글

Diagnoses Of Cancer Decline in The U.S.  (0) 2008.11.27
New Data Show Continuing Decline in U.S. Spending  (0) 2008.11.27
Food Stamp Use Nears Record  (0) 2008.11.26
U.S. Moves to Revive Consumer Lending  (0) 2008.11.26
Ban on GM employee stock purchases is extended  (0) 2008.11.26
Posted by CEOinIRVINE
l

Google Chrome MetaCharacter URI Obfuscation

Hacking 2008. 11. 26. 03:39

 

If you use Google chrome version 0.2.149.27-30, please upgrade to the recent one.

Regards,

 

 

 

 

 

Google Chrome MetaCharacter URI Obfuscation Vulnerability

------------------------------------------------------------------------

 

 

SUMMARY

 

Google chrome is vulnerable to URI Obfuscation vulnerability. An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

 

DETAILS

 

Vulnerable Systems:

 * Chrome version 0.2.149.30

 * Chrome version 0.2.149.29

 * Chrome version 0.2.149.27

 

Proof of Concept:

Link1:  ftp://anoymous:guest@microsoft.com

Link2: [Without NULL] | http://www.google.com@yahoo.com | [Google --> Yahoo [Obfuscation]]

Link3: http://www.secniche.org%00@www.milw0rm.com [With NULL] SecNiche --> Milw0rm [Obfuscation]

 

 

 


'Hacking' 카테고리의 다른 글

Creating a Computer Security Incident Response Team: A Process for Getting Started  (0) 2008.11.29
Overview of U.S. Federal Laws  (0) 2008.11.26
Manually Unpacking a Morphine-Packed DLL with OllyDbg  (1) 2008.11.23
Dynamic-Link Library Creation  (0) 2008.11.21
Comercial Vulnerability Alerts  (0) 2008.11.21
Posted by CEOinIRVINE
l
◀ 이전페이지 1 다음페이지 ▶
블로그 이미지
Information Security & US & Life & Love & Fashion & Hacking & Passion hack, web security, game security, game hack, fps, ava, wow, starcraft II, soldier front, gunz, reverse engineering, SQL injection, XSS, hacking, penetration testings, IT, internet technlogoy, security, penetratoin testing, XSS, XSRF CEOinIRVINE

최근에 올라온 글

공지사항

카테고리

CEOinIRVINE (2282)
Editorials (4)
Finance & EMBA (1)
Fashion (239)
IT (215)
Hacking (266)
Online Game (17)
Vocabulary (14)
iLoveBlackberry (2)
Business (1108)
Politics (165)
US News (115)
World News (63)
Career Consulting (8)
Apple (5)
Car (13)
Travel (5)
Irvine (3)
Sports (3)
recipe (1)
Music (15)
TVs (11)
Spanish (1)
Cyber Law (1)
Perl (3)
Java (1)
Artificial Intelligence (1)
Stock (1)

태그목록

달력

«   2024/05   »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31

링크

  • Total :
  • Today :
  • Yesterday :
rss

최근에 달린 댓글

최근에 받은 트랙백

글 보관함

티스토리툴바