Tuesday, April 12, 2016

Universal XSS Vulnerability in Comodo Dragon Browser - Version 29.1.0.0 (Write Up)

Hello everyone,



In this article I will show you my "Proof of Concept" for the bug that I found in Comodo Dragon Browser (Version 29.1.0.0). The vulnerability that I found is a Universal Cross-Site Scripting (UXSS).



Below is the full Proof of Concept of the issue.





The vulnerability was reported to the Comodo Security Team and has already been fixed in the latest version of their browser.

So I hope you enjoy this article and I hope it gives you an idea for your future hunting.



Thanks,

Evan

Reference: http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/


3 comments:

  1. Is the page vulnerable to XSS? Or by adding an XSS to the page even though it's not vulnerable to XSS and opening it in the Comodo browser will execute the XSS?
    Do a few explanation..
