2016-09-06 03:33:21 |
Dhiraj |
description |
Hello,
The default browser of the Ubuntu LTS is vulnerable to Address Bar Spoofing.
Steps:
The Ubuntu browser allows an attacker to spoof the web browser by just using the '@' symbol.
Example: https://google.com@bing.com; this will redirect a user or a victim to bing.com rather than google.com.
An attacker can take advantage of it and may redirect it to any malicious website.
Example: https://facebook.com@attacker.com; similarly, this will also redirect to attacker.com rather than facebook.com.
There are various scenarios to exploit; one of them uses BeEF with [hook.js], which is browser-based exploitation, and there are many more.
Example: https://example.com.com@attacker.com/hook.js
Well, hook.js is a component of BeEF, which allows an attacker to carry out browser-based exploitation.
As far as I can recommend and request, there should be a pop-up as a mitigation that someone is trying to tamper with the URL.
Kindly have a look at the attached video PoC, which clarifies the above scenario.
I would be happy to hear from the team.
Thank you
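The links in the report are valid URLs whose "userinfo" part (everything between `//` and `@`) is not the site name, so a browser that shows only the start of the string misleads the user. The following is an added example, not code from the bug report or from Ubuntu's browser: it parses the report's link shapes with the WHATWG URL parser built into Node.js and browsers, shows which host is really contacted, and builds the kind of warning the reporter asks for. The `HOSTNAME_LIKE` heuristic and the function names are this example's own assumptions; the sample links are constructed from the shapes in the report.

```javascript
// Added example (not from the bug report): show how a URL with a userinfo
// component is really parsed, and build the warning the reporter requests.
// Uses only the WHATWG URL parser available in Node.js and browsers.

// Constructed sample links, following the shapes in the report above.
const SAMPLE_LINKS = [
  "https://google.com@bing.com",
  "https://facebook.com@attacker.com",
  "https://example.com.com@attacker.com/hook.js",
  "https://example.com/page",        // no userinfo: nothing to warn about
  "https://user:pass@example.com/",  // ordinary credentials, not a hostname
];

// Heuristic (assumption of this example): a userinfo value that reads like
// a dotted hostname, e.g. "google.com". Ordinary usernames rarely contain dots.
const HOSTNAME_LIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

// Parse a link and report where it really goes. Returns null for invalid input.
function inspectLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return null;
  }
  const hasUserinfo = url.username !== "" || url.password !== "";
  // Decode percent-encoding so "google%2Ecom" is judged like "google.com".
  let shown;
  try {
    shown = decodeURIComponent(url.username);
  } catch (e) {
    shown = url.username;
  }
  return {
    realHost: url.hostname,   // the host the browser will actually contact
    userinfo: url.username,   // the part the spoof relies on the user reading
    hasUserinfo,
    // Suspicious when the userinfo looks like a site name: the exact case the
    // address bar spoof in the report depends on.
    suspicious: hasUserinfo && HOSTNAME_LIKE.test(shown),
  };
}

// The warning text a browser could show before following the link.
function warningFor(link) {
  const info = inspectLink(link);
  if (info === null) return "Not a valid URL";
  if (!info.suspicious) return "";
  return `Warning: this link goes to "${info.realHost}", not "${info.userinfo}". ` +
         `The text before '@' is a username, not the site name.`;
}

// Filter a batch of links down to the ones that deserve a warning.
function suspiciousLinks(links) {
  return links.filter((l) => {
    const info = inspectLink(l);
    return info !== null && info.suspicious;
  });
}

for (const link of SAMPLE_LINKS) {
  const info = inspectLink(link);
  console.log(link, "->", info.realHost, info.suspicious ? "(SUSPICIOUS)" : "");
}
```

Running the block prints `bing.com`, `attacker.com` and `attacker.com` as the real hosts of the first three links; the credential-style link is parsed the same way but is not flagged, because `user` does not look like a hostname. The heuristic is deliberately simple: a browser can avoid it altogether by always displaying `url.hostname` prominently and prompting when any userinfo is present, which is the mitigation the reporter suggests.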