Google Toolbar About.HTML HTML Injection Vulnerability

imaginemn · 09-20-2004, 02:51 PM

Exploit

Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code.

This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application.

Solution

Currently we are not aware of any vendor-supplied patches for this issue.

The following proof of concept is available:

<script>window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML", "<div style=\"background-image: url(javascript:alert(location.href));\">");</script>

imaginemn

I, Brian · 09-21-2004, 01:29 AM

I was just wondering this morning if there were any security issues with the toolbar.

Is this sepcific to the toolbar itself, or the browser using the toolbar (ie, IE)?

Also - do you have a confirmed source for this? I'm talking about Symantec et al.

imaginemn · 09-21-2004, 06:38 AM

It's with the toolbar itself. If you copy the code and save it as an html file then open the html file you will see the vulnerability. I did not discover this flaw. Since this is a newly discovered issue I am not sure the full extent of the damage that could be caused. The code provided will only do a javascript alert window to prove concept. It affects Google Toolbar 1.1.41 through Google Toolbar 2.0.114 .1 versions.

This is an issue that was recently discovered on September 17 and being discussed at a corporate security briefing I was attending due to some security alerts I received.

I meant to post some links that confirms this.

http://www.securityfocus.com/bid/11210
http://www.securitytracker.com/alert...p/1011351.html

imaginemn