|
#####################EOF##################
It is a persintent script insercion and when the user click in the
menu for view
favorites page or access directly to favorites url this make a
"defacement" of this page and them the user can=B4t access to favorites
:)
( Url of favorites =>
chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title )
################# =80nd #######################
Atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
#########################################
Flock Browser 3.0.0.3989 Malformed Bookmark XSS
Vendor URL: http://beta.flock.com/
Advisore: http://lostmon.blogspot.com/2010/08/flock-browser-3003989-malformed.html
Vendor notify:NO exploits availables:YES
#########################################
Flock is faster, simpler, and more friendly. Literally.
It's the only sleek, modern web browser with the built-in
ability to keep you up-to-date with your Facebook and Twitter
friends.This browser version (3.0.0.3989) is based in a old
chromium project
Flock has a flaw that allows Cross-site scripting style attacks
In bookmarks is has a Malformed bookmark title persistent xss
when inport from other browsers a malformed bookmark or when add
a new malformed bookmark or import a bookmark html file.
###############################
Example Of Bookmark html file
###############################
Men=FA Marcadores