GreenBrowser 6.1.x Cross Site Scripting

2012.03.28
Credit: Lostmon
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

###
GreenBrowser About: dialog XSS and stored XSS
Vendor URL: http://www.morequick.com/
Advisory: http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html
Vendor notify: NO
Exploit available: yes
###

GreenBrowser is your best choice of flexible and powerful green web browser. GreenBrowser is free to download and use.

GreenBrowser contains two flaws that allow a remote cross-site scripting (XSS) attack. The flaws exist because the application does not validate the about: URI dialog and the last visited pages. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

The browser also saves the last URL visited, so if a user creates a crafted link and clicks on it, the result is a stored XSS: when the browser is opened, it loads http://www.5igb.com/StartEn.htm by default, and that page contains the last visited URL... The XSS is executed in that page :) and the browser does not validate LastVisitWriteEn() before rendering to the user. You can see this function here => http://www.5igb.com/function.js

#################
Proof of Concept
#################

Create an HTML document containing this code and click on the link: it executes the XSS. Close the browser and open it again: the last visited pages contain the PoC URL, and the stored XSS executes.

<html><body>
<a href='about:"><script>alert(1)</script>'>GreenBrowser about: handler XSS</a>
</body></html>

################
Versions affected
################

6.1.0117 (2012-01-17 10:22:02)
6.1.0216 (2012-02-16 21:37:10)

##################
Solution
###################

No solution was available at this time !!!

################ End ####################

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....

References:

http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html
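
A mitigation sketch for the stored XSS the advisory describes, added here as an example and not taken from GreenBrowser or from the function.js it links to. It assumes the start page builds its last-visited list as an HTML string; the names escapeHtml, classifyEntry and renderLastVisited are hypothetical.

```javascript
// Added example: hypothetical hardened renderer for a "last visited" list.
// Assumption: history entries arrive as untrusted strings and are written into HTML.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Escape the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// An entry is linkable only if it parses as a URL and uses an allowed scheme.
function classifyEntry(raw) {
  try {
    const u = new URL(raw);
    return { raw, linkable: ALLOWED_SCHEMES.has(u.protocol), href: u.href };
  } catch (e) {
    return { raw, linkable: false, href: null };
  }
}

// Build the list: allowed URLs become links, everything else is inert escaped text.
function renderLastVisited(entries) {
  const items = entries.map((raw) => {
    const e = classifyEntry(raw);
    const label = escapeHtml(e.raw);
    return e.linkable
      ? `<li><a href="${escapeHtml(e.href)}">${label}</a></li>`
      : `<li><span class="unlinked">${label}</span></li>`;
  });
  return `<ul>${items.join('')}</ul>`;
}

// Constructed sample history, including the PoC URL from the advisory.
const SAMPLE_HISTORY = [
  'http://www.5igb.com/StartEn.htm',
  'about:"><script>alert(1)</script>',
  'javascript:alert(1)',
];

console.log(renderLastVisited(SAMPLE_HISTORY));
```

The PoC entry is still shown to the user, but as escaped text rather than markup, and only http/https entries become clickable links.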



Copyright 2024, cxsecurity.com