Google Chrome MetaCharacter URI Obfuscation Vulnerability.

Proof of Concept



This PoC has been designed with minimal object usage. It can be made more critical depending on the object usage.

Check the Status Bar for Address Problem. Have a Look at the Source too.




URL spoofing is flagged as a virus on this server.

index.html (index.html): Virus Detected; File not Uploaded! (Exploit.URLSpoof.gen.2 FOUND). No Direct URL. Sorry for that.

Link1 : ftp://anoymous:guest@microsoft.com

Link2 : http://www.google.com@yahoo.com [Without NULL] Google --> Yahoo [Obfuscation]

Link3 : http://www.secniche.org%00@www.milw0rm.com [With NULL] SecNiche --> Milw0rm [Obfuscation]

Check the Status Bar for Address Problem.
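In all three links the text before the "@" is URI userinfo, and the host actually contacted is the part after it. The following is an added example, not part of the original PoC: a Node.js check that parses the page's links with the standard WHATWG URL class and reports the real host plus any misleading userinfo. The function name analyzeLink, the finding labels and the host-like heuristic are assumptions made for illustration.

```javascript
// Added example: flag links whose userinfo can mislead a reader about the host.
// SAMPLE_LINKS are the three links shown on this page.
const SAMPLE_LINKS = [
  "ftp://anoymous:guest@microsoft.com",
  "http://www.google.com@yahoo.com",
  "http://www.secniche.org%00@www.milw0rm.com",
];

// Heuristic (assumption): a dotted name ending in an alphabetic label
// reads like a hostname to a human.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Percent-encoded C0 control characters or DEL, e.g. %00.
const ENCODED_CONTROL = /%(?:[01][0-9a-f]|7f)/i;

function analyzeLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { raw, valid: false, findings: ["unparseable"] };
  }
  const findings = [];
  const userinfo = url.password ? `${url.username}:${url.password}` : url.username;
  if (userinfo) {
    findings.push("userinfo-present");
    // Drop encoded control characters first so a trailing %00 cannot
    // hide a host-looking username from the check.
    const visible = url.username.replace(new RegExp(ENCODED_CONTROL.source, "gi"), "");
    if (HOSTLIKE.test(visible) && visible.toLowerCase() !== url.hostname) {
      findings.push("userinfo-looks-like-host");
    }
    if (ENCODED_CONTROL.test(userinfo)) findings.push("encoded-control-char");
  }
  return { raw, valid: true, scheme: url.protocol, host: url.hostname, userinfo, findings };
}

// Print the real destination host and the findings for each sample link.
for (const link of SAMPLE_LINKS) {
  const r = analyzeLink(link);
  console.log(`${r.host}\t[${r.findings.join(", ")}]\t${link}`);
}
```

A mail gateway, proxy or link scanner can apply the same parse-then-compare step and display or log the parsed host instead of the raw link text.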



Microsoft FTP Site Analysis through URI Obfuscation in Google Chrome.

FTP Link Check with No Credentials



Response for FTP with Credentials.




Version Tested:

Official Build 1798
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.29 Safari/525.13

Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.30 Safari/525.13