Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
IETab Chrome Weirdness
Posted by: rsnake
Date: December 15, 2006 11:19AM

If you have IETab put this in your URL window:

chrome://ietab/content/reloaded.html?url=http://ha.ckers.org/

Then put:

view-source:chrome://ietab/content/reloaded.html

For those of you who don't have it installed:

<html>
<head>
<title></title>
<link rel="icon" href="chrome://ietab/skin/ietab-engine-ie.png"/>
<script type="text/javascript">
function loadIETab(){
var href = document.location.href;
var i = href.indexOf("?url=");
if (i == -1) return;
var url = decodeURI(href.substring(i+5));
if (url && url!="") {
try { if (/^file:\/\/.*/.test(url)) url = decodeURI(url); } catch(e) {}
document.title = url;
var ietab = document.getElementById("IETab");
if (ietab) ietab.navigate(url);
}
}
</script>
</head>
<body style="margin:0; padding:0;"
onload="window.setTimeout(loadIETab,0);"
onpageshow="if(event.persisted)window.setTimeout(loadIETab,0);"/>
<object id="IETab" type="application/ietab" width="100%" height="100%"/>
</body>
</html>

Kay, so it's a redirection... why isn't this exploitable? Or is it? I can't instantiate chrome:// in any context that is useful that I can tell. Ugh, this is killing me.

- RSnake
Gotta love it. http://ha.ckers.org

Re: IETab Chrome Weirdness
Posted by: maluc
Date: December 15, 2006 12:53PM

as far as i know, i don't think websites have any access to calling chrome pages.. or do they?

But it may not be impossible.. a while back i was messing around with trying to call them as well as "about:" pages, and checking if they triggered onerror/onabort/onload for browser fingerprinting. And a few times FF actually rendered about:config in an iframe o.o .. i couldn't figure out why it did 1 outta 50 times and not the other 49 though. Very strange.

I posted about it back then, then gave up.. but i think there's something more to it.

-maluc

Re: IETab Chrome Weirdness
Posted by: rsnake
Date: December 15, 2006 04:37PM

It's very frustrating. I bet there's a hole here in one or more of the plugins, but I probably don't have the right combination of them installed.

- RSnake
Gotta love it. http://ha.ckers.org

Re: IETab Chrome Weirdness
Posted by: nilhz
Date: March 11, 2008 11:06PM

I have a similar problem with

chrome://ietab/content/reloaded.html?url

Recently I built a website that already used this script. I don't know how to edit this URL; besides that, I have uploaded new files, so I can't solve it. In Mozilla it starts OK, but when I enter with IE, it displays the old content (just one part); when I refresh the page, it loads the new site. I really want to know how I can edit this script. (I already replaced the index and default archives on the host server.)

I will appreciate it if you can help me

Thanks

Re: IETab Chrome Weirdness
Posted by: trev
Date: March 21, 2008 06:07AM

I looked at that page as well a while ago. If a website were able to open it, it could force Firefox to run a page through IE - that in itself is already a vulnerability. Fortunately, Firefox doesn't allow web sites to link or redirect to chrome://, so that IETab is *relatively* safe.

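The reloaded.html source quoted in the first post passes whatever follows `?url=` to `ietab.navigate()` without checking the scheme. As an added example (not IETab's code and not written by any poster in this thread), here is one way to validate that parameter before navigating; the helper name `extractTarget` and the http/https-only policy are assumptions.

```javascript
// Added example, not IETab's code. Assumed policy: only http/https targets.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Hypothetical helper: takes the chrome page's own location string and
// returns { ok, url } or { ok, reason } instead of navigating blindly.
function extractTarget(href) {
  // Same split as the quoted page: everything after the first "?url=".
  const i = href.indexOf("?url=");
  if (i === -1) return { ok: false, reason: "no url parameter" };

  let raw;
  try {
    // Decode exactly once; the quoted page decodes file: URLs a second time.
    raw = decodeURI(href.substring(i + 5));
  } catch (e) {
    // decodeURI throws URIError on a broken %-sequence.
    return { ok: false, reason: "malformed escape sequence" };
  }

  let parsed;
  try {
    // No base URL is given, so relative and scheme-less values are rejected.
    parsed = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "not an absolute URL" };
  }

  // URL lowercases the scheme, so "HTTP:" and "JaVaScRiPt:" compare reliably.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + parsed.protocol };
  }
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs (the first is the URL from the opening post).
const PAGE = "chrome://ietab/content/reloaded.html";
const SAMPLES = [
  PAGE + "?url=http://ha.ckers.org/",
  PAGE + "?url=HTTP://EXAMPLE.TEST/path",
  PAGE + "?url=file:///tmp/constructed.txt",
  PAGE + "?url=JaVaScRiPt:void(0)",
  PAGE + "?url=" + PAGE,
  PAGE + "?url=%E0%A4%A",
  PAGE + "?url=",
  PAGE,
];
for (const s of SAMPLES) console.log(s, "->", JSON.stringify(extractTarget(s)));
```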

