关联漏洞
标题:Google Chrome 安全漏洞 (CVE-2023-4357)Description:Google Chrome是美国谷歌(Google)公司的一款Web浏览器。 Google Chrome 116.0.5845.96 之前版本存在安全漏洞,该漏洞源于XML 中输入验证不充分,允许远程攻击者通过精心设计的 HTML 页面绕过文件访问限制。
Description
Network Security Project
介绍
# CVE-2023-4357-Exploitation
Network Security Project
### Description
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page.
### Reproduce
#### Set up the Environment
- Download Chrome on Linux
```bash!
$ wget https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/114.0.5735.90/linux64/chrome-linux64.zip
$ unzip chrome-linux64.zip
```
- Execute
```bash!
$ ./chrome-linux64/chrome --no-sandbox
```
#### Start a Web Server
- prepare an SVG file to exploit the vulnerability
- prepare a bash script for starting the http server
- execute the script
```bash!
$ chmod +x start_server.sh
$ ./start_server.sh
```
#### Access the Browser
access the d.svg file on Chrome by navigating to localhost on port 8888
```bash
http://127.0.0.1:8888/d.svg
```
### Reference
- [link](https://github.com/xcanwin/CVE-2023-4357-Chrome-XXE)
文件快照
[4.0K] /data/pocs/66b427a3435454c83194a1f378da3b9bd82ef30d
├── [4.0K] Docs
│ ├── [1.3M] report.pdf
│ └── [145K] spec.pdf
├── [ 962] README.md
└── [4.0K] src
├── [1.1K] d.svg
└── [ 40] start_server.sh
2 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。