Avant Browser URI about: Dialog XSS

Friday, September 05, 2008
##########################################
Avant Browser URI about: Dialog XSS.
Vendor URL: http://www.avantbrowser.com/
Advisory:http://lostmon.blogspot.com/2008/09/
avant-browser-uri-about-dialog-xss.html
Vendor notify:Yes exploit available:yes
##########################################

##########################
Vulnerability description
##########################

Avant Browser contains a flaw that allows a remote
cross site scripting attack.This flaw exists because
the application does not validate In the URI dialog
'about:' This could allow a user to create a specially
crafted URL that would execute arbitrary code in a user's
browser within the trust relationship between the browser
and the server,leading loss of integrity.

#################
Versions
################·

Avant Browser 11.6 built 20 vulnerable.

Avant Browser 11.6 built 7 vulnerable


###################
Solution
###################

No Solution at this time !!!



###################
Timeline
##################

Discovered:16-08-2008
vendor notify:05-09-2008
Vendor response:---
Public Disclosure:----

###################
Proof of Concept.
###################

#############
Test
#############

Put in your Avant Broser

about:"><script>alert(1)</script>

or create a link like

<a href='about:"><script>alert(1)</script>'>Avant Browser XSS</a>

############## €nd ###################

Thnx To estrella to be my light
Thnx to all Lostmon Team !
thnx to imydes From www.imydes.com
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Latest OSVDB Vulnerabilities

 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...