Thread: Google Toolbar About.HTML HTML Injection Vulnerability
View Single Post
Old 09-20-2004, 03:51 PM   #1 (permalink)
imaginemn
v7n Mentor
 
imaginemn's Avatar
 
Join Date: 02-18-04
Location: Minneapolis, Minnesota
Posts: 1,947
iTrader: 0 / 0%
Latest Blog:
None

imaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to allimaginemn is a name known to all
Send a message via MSN to imaginemn Send a message via Yahoo to imaginemn Send a message via Skype™ to imaginemn
Google Toolbar About.HTML HTML Injection Vulnerability
Exploit

Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code.

This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application.

Solution

Currently we are not aware of any vendor-supplied patches for this issue.

The following proof of concept is available:

<script>window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML", "<div style=\"background-image: url(javascript:alert(location.href));\">");</script>

imaginemn
__________________
Need a project done? - Set Your Own Price!
Imagine Creative Services - Design : Marketing : Multimedia : More
imaginemn is offline   Reply With Quote