Google Chrome version 0.2.149.30 suffers from a file type checking vulnerability allowing for cross site scripting attacks via ftp, etc.
28b8161b0755cc4754ba18a6418e6fa286abea5302a70875dfb3ff7b8ec37287###########################################################
# Google Chrome 0.2.149.30, #
# file type check vulnerability #
# when browsing through ftp. #
###########################################################
# For example, when browsing: #
# ftp://ftp.example.net/picture.jpg #
# or it could be .txt, .pdf, etc... #
# Google Chrome does not check the file type. #
# #
# When browsing only ftp://ftp.example.net/ #
# you will see the picture.jpg file, like any other #
# image file. #
###########################################################
Example content of the picture.jpg file:
/Begin:
<html>
<body>
<script>alert('backdoored');</script>
</body>
</html>
End\
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed