.

Exploiting Web Browser Vulnerabilities

<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 459

Joined: Thu Mar 03, 2011 3:54 am

Post Tue Jan 10, 2012 11:49 pm

Exploiting Web Browser Vulnerabilities

I was hoping somebody could verify/clarify something for me...

Whenever I think of web browser vulnerabilities, I always think of having that vulnerability exploited via a specially crafted website.  I was just thinking though: would a vulnerable web browser be just another vulnerable application that could be exploited locally/remotely like, say, a vulnerable FTP server application?
GSEC, eCPPT, Sec+
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Jan 11, 2012 12:50 am

Re: Exploiting Web Browser Vulnerabilities

Sure, it's just another application. For example, if there's a vulnerability associated with the way a web browser processes JPGs, it's possible that it would be just as vulnerable opening a JPG from the local disk as it would be loading one that's embedded in an HTML page (obviously, depending on how that specific vulnerability could be exploited).
The day you stop learning is the day you start becoming obsolete.
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 459

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Jan 11, 2012 2:05 am

Re: Exploiting Web Browser Vulnerabilities

Just as I suspected.  Thanks dynamik! :)
GSEC, eCPPT, Sec+
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Jan 11, 2012 5:42 pm

Re: Exploiting Web Browser Vulnerabilities

There's quite a few browser exploits in Metasploit, along with one module that tries a lot of different exploits.

Set up a VM with e.g. IE5 or IE6 on an unpatched system, serve a client-side browser exploit with Metasploit, browse to the page with your vulnerable VM.  :)

Browser-exploits, targets the browser of course, but also Java, Flash, Image-interpreters, and sometimes custom extensions too. (And more.)

But as dynamik said, it is in essence just another application  ;D
I'm an InterN0T'er
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 459

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Jan 11, 2012 6:04 pm

Re: Exploiting Web Browser Vulnerabilities

Good idea MaXe, I'll do that tonight when I get home.  I think I have an unpatched WinXP VM already, but will have to double check.
GSEC, eCPPT, Sec+

Return to Other

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software