thehat

Google Chrome Silent HTTP Authentication

# Exploit Title: [Google Chrome Silent HTTP Authentication]

# Date: [2-5-2013]

# Exploit Author: [T355]

# Vendor Homepage: [http://www.google.com/chrome]

# Version: [24.0.1312.57]

# Tested on: [Tested on: Windows 7 & Mac OSX Mountain Lion]

# CVE : [n/a]

VULNERABILITY DETAILS

The latest version of Google Chrome (Tested on Version 24.0.1312.57) fails to properly recognize HTTP Basic Authentication when injected in various HTML tags. As a result of this behavior Chrome will not alert the user when HTTP Basic Authentication is taking place or when credentials are rejected. This behavior is particularly concerning with respect to small office and home routers. Such devices are easily brute forced using this method. Many of these devices have the default password enabled which brings me to part II of this bug. Silent HTTP Authentication allows the attacker to log into the router and change settings with no alerts and/or warnings issued by Chrome. The end result allows an attacker to brute force the router login, connect to the router, enable remote administration and of course control all information on the entire network via DNS attacks etc.

REPRODUCTION CASE

I have attached the following files:

sploit.txt - Indicates the buggy code.

jquery.js - Used for real world scenario but not needed for bug.

brute.js - Real world attack scenario for this bug.

index.html - HTML Attack Page

attack.php - Payload file for Linksys Routers.

VERSION

Chrome Version: [24.0.1312.57]

Operating System: [Tested on: Windows 7 & Mac OSX Mountain Lion]

CREDIT

I do want my real name to remain anonymous.

Please credit -T355

IMPACT

The impact for this bug is enormous. Tens of millions of home routers can easily be completely compromised. Distributed brute force attacks can be performed on any HTTP Authentication portal.

RECOMMENDATIONS

Reference how Firefox and Safari handle the attached code.

PoC: http://www.exploit-db.com/sploits/24486.tar.gz

Source: Google Chrome Silent HTTP Authentication
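A defender-side check for the pattern the advisory describes, as an added example that is not part of the original post or its attached PoC: it scans a page's HTML for tags whose URL carries embedded Basic Auth credentials and flags those aimed at internal addresses. It assumes the credentials travel in the URL's `user:password@host` part, which the post does not spell out; the function names and the sample markup are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "action", "data", "poster"}  # URL-bearing attributes

class CredentialUrlFinder(HTMLParser):
    """Collect (tag, host, userinfo) for each http(s) URL that embeds credentials."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            try:
                parts = urlsplit(value.strip())
            except ValueError:  # malformed URL
                continue
            if parts.scheme in ("http", "https") and parts.hostname and parts.username is not None:
                self.hits.append((tag, parts.hostname, (parts.username, parts.password)))

def is_internal(host):
    """True for literal private, loopback or link-local addresses."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a DNS name, not an IP literal
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local

def scan(html):
    """Return {host: {"internal", "tags", "distinct_credentials"}} for one page."""
    finder = CredentialUrlFinder()
    finder.feed(html)
    finder.close()
    tags, creds = defaultdict(set), defaultdict(set)
    for tag, host, userinfo in finder.hits:
        tags[host].add(tag)
        creds[host].add(userinfo)
    return {h: {"internal": is_internal(h), "tags": sorted(tags[h]),
                "distinct_credentials": len(creds[h])} for h in tags}

# Constructed sample markup: placeholder credentials, reserved example hosts.
SAMPLE_HTML = """<img src="http://user:placeholder1@192.168.1.1/a.gif">
<IMG SRC="http://user:placeholder2@192.168.1.1/a.gif">
<iframe src="https://someone:placeholder@files.example.com/"></iframe>
<img src="https://www.example.com/logo.png"><a href="/relative">x</a>"""
print(scan(SAMPLE_HTML))
```

Several distinct credential pairs aimed at one internal host within a single page is the signal worth alerting on in a proxy or content filter.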
