In this article I will show you my proof of concept for a bug that I found in Comodo Dragon Browser (version 29.1.0.0). The vulnerability is a Universal Cross-Site Scripting (UXSS) issue.
Below is the full Proof of Concept of the issue.
The vulnerability was reported to the Comodo Security Team and has already been fixed in the latest version of their browser.
So I hope you enjoy this article and I hope it gives you an idea for your future hunting.
Thanks,
Evan
Reference: http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/
"Do not dwell in the past, do not dream of the future, concentrate the mind on the present moment."
- Buddha
Greetings from Los Angeles! I'm bored to tears at work so
I decided to check out your website on my iPhone during lunch break.
I really like the knowledge you present here and can't wait to take a look
when I get home. I'm amazed at how fast your blog loaded on my mobile ..
I'm not even using WIFI, just 3G .. Anyways, amazing site!
Thanks :)
Is the page vulnerable to XSS? Or by adding an XSS to page even though it's not vulnerable to XSS and opening it in the Comodo browser will execute the XSS?
Do a few explanation..
The vulnerable was the browser.