Tuesday, April 12, 2016

Universal XSS Vulnerability in Comodo Dragon Browser - Version 29.1.0.0(Write Up)

Hello everyone,



In this article I will show you my "Proof of Concept" for the bug that I found in Comodo Dragon Browser (Version 29.1.0.0).  The vulnerability that I found is a Universal Cross Site Scripting (UXSS).



Below is the full Proof of Concept of the issue.





The vulnerability was reported to Comodo Security Team and already fixed on the latest version of their browser.

So I hope you enjoy this article and I hope it gives you an idea for your future hunting.



Thanks,

Evan

Reference: http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/

"Do not dwell in the past, do not dream of the future, concentrate the mind on the present moment."


- Buddha

4 comments:

  1. Greetings from Los angeles! I'm bored to tears at work so
    I decided to check out your website on my iphone during lunch break.
    I really like the knowledge you present here and can't wait to take a look
    when I get home. I'm amazed at how fast your blog loaded on my mobile ..
    I'm not even using WIFI, just 3G .. Anyways, amazing site!

    ReplyDelete
  2. Is the page vulnerable to XSS? Or by adding a XSS to page even though it's not vulnerable to XSS and opening it in the Comodo browser will execute the XSS?
    Do a few explaination..

    ReplyDelete