###########################################################
# Google Chrome 0.2.149.30, #
# file type check vulnerability #
# when browsing through ftp. #
###########################################################
# For example, when browsing: #
# ftp://ftp.example.net/picture.jpg #
# or it could be .txt, .pdf, etc... #
# Google Chrome does not check the file type. #
# #
# When browsing only ftp://ftp.example.net/ #
# you will see the picture.jpg file, like any other #
# image file. #
###########################################################
Example content of the picture.jpg file:
/Begin:
<html>
<body>
<script>alert('backdoored');</script>
</body>
</html>
End\
Reference: http://packetstormsecurity.org/0810-exploits/googlechrome-check.txt
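
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it flags files whose extension promises an image or PDF but whose leading bytes are not that type's signature, or that carry HTML markup a content-sniffing browser could render. The signature table, token list, 1 KiB window and sample files are assumptions constructed for illustration.

```python
import os

# Leading "magic" bytes that a genuine file of each extension must start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# Tokens a content-sniffing browser may treat as the start of an HTML document.
HTML_TOKENS = (b"<html", b"<body", b"<script", b"<!doctype html", b"<iframe")
SNIFF_WINDOW = 1024  # assumption: inspect only the first KiB of each file


def classify(name, data):
    """Return 'ok', 'mismatch' or 'html-in-disguise' for one file."""
    ext = os.path.splitext(name)[1].lower()
    head = data[:SNIFF_WINDOW]
    looks_html = any(tok in head.lower() for tok in HTML_TOKENS)
    expected = MAGIC.get(ext)
    if expected is None:
        # No signature known for this type (e.g. .txt): only markup is suspicious.
        disguised = looks_html and ext not in (".html", ".htm")
        return "html-in-disguise" if disguised else "ok"
    if any(head.startswith(sig) for sig in expected):
        return "ok"
    return "html-in-disguise" if looks_html else "mismatch"


def audit(files):
    """Map each flagged file name to its finding; clean files are omitted."""
    return {n: r for n, d in files.items() if (r := classify(n, d)) != "ok"}


# Constructed sample inputs (not real files).
SAMPLES = {
    "picture.jpg": b"<html>\n<body>\n<script>alert('backdoored');</script>\n</body>\n</html>\n",
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "notes.txt": b"plain text notes\n",
    "report.pdf": b"GIF89a not really a pdf",
    "index.html": b"<html><body>hello</body></html>",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(f"{name}: {finding}")
```

A file that begins with a valid signature is reported as ok, so this check does not cover polyglot files that are both a valid image and valid markup.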
Tuesday, October 21, 2008
Chrome file-type checking vulnerability XSS