http://www.securiteam.com/windowsntfocus/6L00O1FN5S.html
Google chrome is vulnerable to URI Obfuscation vulnerability. An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.
Credit:The information has been provided by Aditya K Sood.
The original article can be found at: http://www.secniche.org/gcuri/index.html
Proof of Concept:
Link1: ftp://anoymous:guest@microsoft.com
Link2: [Without NULL] http://www.google.com@yahoo.com [Google --> Yahoo [Obfuscation]]
Link3: http://www.secniche.org@www.milw0rm.com [With NULL] SecNiche --> Milw0rm [Obfuscation]
-----------------------------------------------------
http://www.milw0rm.com/exploits/7226
Specifcally Tested on 0.4.154.25 [Latest]
No comments:
Post a Comment