Epic Privacy Browser - History Leakage

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1036980 漏洞类型
发布时间 2017-07-25 更新时间 2017-07-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2017070154
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
================================================================
Title -> Epic Privacy Browser - History Leakage
Date -> July 25, 2017
Author -> bRpsd
skype: vegnox
Browser Website -> https://epicbrowser.com/
Type -> Local
Versions -> 58.0.3029.110 (latest) and prior on Windows.
Tested on -> Win7 64-bit
================================================================


Epic Browser is suppose to keep you secured browsing without keeping any trace or 'history' left behind.
but I found 3 local files that saves browsing history AND stores it!

Location of files:
C:\Users\Windows User Here\AppData\Local\Epic Privacy Browser\User Data\Default\

Files:
Preferences -> JSON Format
Login Data -> SQL format
WebRTCIdentityStore -> SQL format
Cookies -> stored Cookies [temprorarily]

Preferences -> dns_prefetching -> host_referral_list
Preferences -> net -> http_server_properties -> servers


You can use this Simple CMD Tool to move all files to your desktop within a click and view them:
http://www.mediafire.com/file/tomkzly8jh3ngsb/EHISTORY.zip


Json Viewer: http://jsonviewer.stack.hu/
SQL Browser: https://nightlies.sqlitebrowser.org/latest/