Professional Webmasters Community

Orca Browser browser:home Persistent XSS vulnerability


Post by andry, Wed Oct 06, 2010 6:27 am


###########################################
Orca Browser browser:home Persistent XSS vulnerability
vendor url: http://www.orcabrowser.com/
vendor notify: NO
exploit available: yes
############################################

#############
description
#############

Orca Browser's user-friendly interface brings a new level
of clarity and efficiency to your browsing experience, and
frequent upgrades have steadily improved its reliability.
Avant Browser is freeware. That's right, 100% free!

Orca Browser contains a flaw that allows a remote cross site
scripting attack. This flaw exists because the application does
not properly validate the URL links upon submission to the
bookmarks in the browser:home page.
This could allow a user to create a specially crafted URL or a
bookmark that would execute arbitrary code in a user's browser
within the trust relationship between the browser and the server
when trying to load browser:home, leading to a loss of integrity.

###############
version tested
###############

Avant Browser 1.2 build 2

#########
solution:
##########

Update to version 1.2 build 3;
this version addresses this vulnerability.


#############
timeline:
#############

discovered: 23-jul-2009
disclosure: 30 jul 2009

##################
testing
##################

Demonstration Video => http://www.spymac.com/details/?2417793

Open Orca Browser; by default the browser loads the
'browser:home' page. In this page we can view three
columns: 1 top sites, 2 history and 3 recent bookmarks.

The bookmarks column is vulnerable to an XSS. Let's go
and demonstrate it.
I made a web page possibly vulnerable to an XSS condition:

<?php
// Demo page: the 'id' parameter is read and reflected without any
// escaping, which is the intentional XSS condition used in this test.
$cmd = isset($_GET['id']) ? $_GET['id'] : '';
echo $cmd;
?>

I placed an online doc for the demo here =>
http://usuarios.lycos.es/reyfuss/id.php?id=

Open Orca Browser and navigate to

http://usuarios.lycos.es/reyfuss/id.php?id="><script>alert(1)</script>
Click on the Bookmark toolbar, click on New Bookmark and add this URL.

Load browser:home, or close and reopen the browser; the script
is executed in the bookmarks column.


################ End #####################

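The following is an added illustration of the defect class the advisory describes, not code from the advisory or from Orca Browser: a "recent bookmarks" column that splices a stored URL straight into markup, beside a version that escapes for the attribute context and only accepts http(s) URLs. The host name example.test and the function names are assumptions; the payload string is the one quoted in the post.

```javascript
// Constructed sample: the bookmark URL from the advisory, with a placeholder host.
const PAYLOAD_URL = 'http://example.test/id.php?id="><script>alert(1)</script>';

// Vulnerable renderer: trusts the stored URL and concatenates it into HTML,
// so a bookmark saved once runs on every browser:home load (persistent XSS).
function renderBookmarkUnsafe(title, url) {
  return '<a href="' + url + '">' + title + '</a>';
}

// Minimal HTML escaping that is safe for text and double-quoted attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened renderer: parse the URL, keep only http(s) (so javascript: and
// data: schemes are dropped), then escape before placing it in the attribute.
// URL parsing also percent-encodes ", < and > inside the query component.
function renderBookmarkSafe(title, url) {
  let href = '';
  try {
    const u = new URL(url);
    if (u.protocol === 'http:' || u.protocol === 'https:') href = u.href;
  } catch (e) {
    // Unparseable input: render an empty href rather than the raw string.
  }
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(title) + '</a>';
}

// Detection helper: does rendered markup contain a script tag? Useful as a
// regression check when the column is rebuilt from persisted bookmarks.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```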