Lucene search
K

GreenBrowser 6.1.x Cross Site Scripting

🗓️ 28 Mar 2012 00:00:00Reported by LostmonType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 37 Views

GreenBrowser 6.1.x Cross Site Scripting, last visited pages stored XSS, about: dialog XSS, no available solutio

Code
`########################################  
GreenBrowser About: dialog XSS and stored XSS  
Vendor URL:http://www.morequick.com/  
advisore:http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html  
Vendor notify:NO exploit available:yes  
#######################################  
  
GreenBrowser is your best choice of flexible and powerful green web  
browser. GreenBrowser is free to download and use.  
  
GreenBrowser contains a two flaws that allows a remote cross site  
scripting (XSS) attack. This flaw exists because the application does  
not validate the about: Uri dialog and last visited pages. This may  
allow a user to create a specially crafted URL that would execute  
arbitrary script code in a user's browser within the trust  
relationship between their browser and the server.  
  
Also the browser save the last URL visited and then, if a user create  
a crafted link and clin in, it is a stored XSS because when open the  
browser by default it open http://www.5igb.com/StartEn.htm and it have  
the last visited URL... The xss is executed in this URL :) page and  
browser not validate LastVisitWriteEn() before render to the user.  
  
You can see this function here => http://www.5igb.com/function.js  
  
#################  
Proof of Concept  
#################  
  
create a html doc and write this code, click in the link and it  
execute the xss close the browser and open it again, in last visit  
pages we have the url of PoC and it executes the stored XSS  
  
<html><body>  
<a href='about:"><script>alert(1)</script>'>GreenBrowser about: handler XSS</a>  
</body></html>  
  
################  
Versions afected  
################  
  
6.1.0117 (2012-01-17 10:22:02)  
6.1.0216 (2012-02-16 21:37:10)  
  
##################  
Solution  
###################  
  
No solution was available at this time !!!  
  
################ €nd ####################  
  
--   
atentamente:  
Lostmon ([email protected])  
Web-Blog: http://lostmon.blogspot.com/  
Google group: http://groups.google.com/group/lostmon (new)  
--  
La curiosidad es lo que hace mover la mente....  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation