Address Bar Spoofing in Default Browser of Ubuntu LTS.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
webbrowser-app (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Hello,
The default browser of the Ubuntu LTS is vulnerable to Address Bar Spoofing.
Steps:
The Ubuntu browser allows an attacker to spoof the web browser by just using the '@' symbol.
Example: https://<email address hidden>; this will redirect a user or victim to bing.com rather than google.com.
An attacker can take advantage of this and redirect the user to any malicious website.
Example: https://<email address hidden>; similarly, this will also redirect to attacker.com rather than facebook.com.
There are various scenarios to exploit this; one of them uses BeEF with [hook.js], which is browser-based exploitation, and there are many more.
Example: https://<email address hidden>/hook.js
hook.js is a component of BeEF, which allows an attacker to carry out browser-based exploitation.
I recommend and request that there should be a pop-up as a mitigation, warning that someone is trying to tamper with the URL.
Kindly have a look at the attached video PoC, which clarifies the above scenario.
I would be happy to hear from the team.
Thank you
affects: launchpad → webbrowser-app (Ubuntu)
description: updated
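The '@' behaviour described in the report is the URL userinfo rule from RFC 3986: in the authority component, everything before the last '@' is userinfo and the host is what follows it, so a browser opens the host after the '@' even when the text before it reads like a site name. The check below is an added example, not code from this bug report or from webbrowser-app; it parses a URL with Python's standard library, reports the host the browser will actually contact, and flags userinfo that looks like a domain name. The sample URLs are constructed to mirror the report's description.

```python
from urllib.parse import urlsplit


def inspect_authority(url: str) -> dict:
    """Split a URL's authority into userinfo and the host the browser connects to.

    Returns a dict with keys 'host', 'userinfo' and 'suspicious'. 'suspicious'
    is True when the userinfo contains a dot, i.e. it reads like a domain name
    placed in front of the real host (the pattern described in this report).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        # Only web URLs are relevant to what the address bar displays.
        return {"host": None, "userinfo": None, "suspicious": False}
    host = parts.hostname  # lower-cased; port and userinfo already stripped
    netloc = parts.netloc
    if "@" not in netloc:
        return {"host": host, "userinfo": None, "suspicious": False}
    # RFC 3986: the userinfo is everything before the last '@' in the authority.
    userinfo = netloc.rsplit("@", 1)[0]
    return {"host": host, "userinfo": userinfo, "suspicious": "." in userinfo}


def warning_message(url: str) -> str:
    """Text a browser could show for a suspicious userinfo URL, or '' if none is needed."""
    info = inspect_authority(url)
    if not info["suspicious"]:
        return ""
    return (f"This link will open {info['host']}, not {info['userinfo']}. "
            f"The text before '@' is a username, not the site address.")


if __name__ == "__main__":
    # Constructed sample URLs; the first two follow the report's description.
    samples = [
        "https://google.com@bing.com/",
        "https://facebook.com@attacker.com/hook.js",
        "https://user:pass@example.com:8443/login",
        "https://example.com/",
    ]
    for u in samples:
        print(u, "->", inspect_authority(u), warning_message(u) or "(no warning)")
```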
How is this an address bar spoof? Your video shows you typing an address in the address bar, the browser navigating to the correct address, and the address bar showing an address that matches the content displayed.