In this article I will show you my "Proof of Concept" for the bug that I found in Comodo Dragon Browser (Version 29.1.0.0). The vulnerability that I found is a Universal Cross Site Scripting (UXSS).
Below is the full Proof of Concept of the issue.
The vulnerability was reported to the Comodo Security Team and has already been fixed in the latest version of their browser.
So I hope you enjoy this article and I hope it gives you an idea for your future hunting.
Thanks,
Evan
Reference: http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/
"Do not dwell in the past, do not dream of the future, concentrate the mind on the present moment."
- Buddha
Thanks :)
Is the page vulnerable to XSS? Or by adding an XSS to the page even though it's not vulnerable to XSS and opening it in the Comodo browser will execute the XSS?
Do a few explanations.
The vulnerable one was the browser.