Professional Webmasters Community
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Professional Webmasters Community

your are free to explore your reviews, thoughts, suggestion and guidelines on every online tech talk.


Avant Browser browser:home Persistent XSS vulnerabilities

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

Go down

Avant Browser browser:home Persistent XSS vulnerabilities Empty Avant Browser browser:home Persistent XSS vulnerabilities

Post  andry Thu Sep 23, 2010 4:59 am


###########################################
Avant Browser browser:home Persistent XSS vulnerabilities
vendor url: http://www.avantbrowser.com/
vendor notify: NO exploit available: yes
############################################

#############
description
#############

Avant Browser´s user-friendly interface brings a new level
of clarity and efficiency to your browsing experience,and
frequent upgrades have steadily improved its reliability.
Avant Browser is freeware That's right. 100% Free!.

Avant Browse contains a flaw that allows a remote cross site
scripting attack.This flaw exists because the application does
not validate properly the url links upon submission to the
history, bookmarks and top sites visited in browser:home page.
This could allow a user to create a specially crafted URL or a
bookmark that would execute arbitrary code in a user's browser
within the trust relationship between the browser and the server
wen try to load browser:home ,leading to a loss of integrity.

###############
version tested
###############

Avant Browser 11.7 build 35

#########
solution:
##########

Update to version 11.7 build 36
it is reported and tested that isn´t
vulnerable.


#############
timeline:
#############

discovered: 23-jul-2009
disclosure: 30 jul 2009

##################
testing
##################

Demostration Video => http://www.spymac.com/details/?2417793
Open Avant Browser and by default the browser load
'browser:home' page. in this page we can view tree
columns , 1 top sites 2 history and 3 recent bookmarks.

All tree colums are prone vulnerables to a xss let´s go
to demostrate it in the tree cases.
I make a web page posible vulnerable to a xss condition

<?
$cmd=$_GET[id]
?>

I place a online doc for demo here =>
http://usuarios.lycos.es/reyfuss/id.php?id=

open avant browser and navigate to
http://usuarios.lycos.es/reyfuss/id.php?id="><script>alert(1)</script>
wait until load , and them close the browser
or open Browser:home URI.

The script is executed and we have two columns afected,
the first and the second.

go to tools menu and delete history ...

open avant browser and go to
http://usuarios.lycos.es/reyfuss/id.php?id="><script>alert(1)</script>

rigth click and select add bookmark and add it.

load again browser:home and the xss is executed
in bookmarks column.

So if we for example like to deny the access to
browser:home we can load =>
http://usuarios.lycos.es/reyfuss/id.php?id="><script>window.close()</script>
and wen open the broser and load browser:home on load,
the script close it.

so if we like to denial the service we can load =>
http://usuarios.lycos.es/reyfuss/id.php?id="><script>while(1)alert(1)</script>

################ End #####################
andry
andry
Moderator
Moderator

Posts : 467
Join date : 2010-05-07

Back to top Go down

Back to top

- Similar topics

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

 
Permissions in this forum:
You cannot reply to topics in this forum