Google Chrome MetaCharacter URI Obfuscation Vulnerability.

Google Chrome MetaCharacter URI Obfuscation Vulnerability.

(C) SecNiche Security / Proof of Concept

By:- Aditya K Sood.

This POC has been designed with minimum object usage. This can be made more critical dependent on the object usage.

Check the Status Bar for Address Problem. Have a Look at the Source too.

The Indepth Concept of this Vulnerablility.

Look at POC.

Link1 : http://www.google.com%00@milw0rm.com

Link2 : http://www.google.com@yahoo.com

Link3 : ftp://anoymous:guest@microsoft.com

Check the Status Bar for Address Problem,

Specifcally Tested on 0.4.154.25 [Latest]

Other Version Tested:

Official Build 1798
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.29 Safari/525.13

Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.30 Safari/525.13
# milw0rm.com [2008-11-25]

Google Chrome MetaCharacter URI Obfuscation Vulnerability.(C) SecNiche Security / Proof of Concept

Look at POC.

Specifcally Tested on 0.4.154.25 [Latest]

Google Chrome MetaCharacter URI Obfuscation Vulnerability.

(C) SecNiche Security / Proof of Concept