CVE-2023-4357-Exploitation

Network Security Project

Description

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page.

Reproduce

Set up the Environment

Download Chrome on Linux

$ wget https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/114.0.5735.90/linux64/chrome-linux64.zip

$ unzip chrome-linux64.zip

Execute

$ ./chrome-linux64/chrome --no-sandbox

Start a Web Server

prepare an SVG file to exploit the vulnerability
prepare a bash script for starting the http server
execute the script

$ chmod +x start_server.sh

$ ./start_server.sh

Access the Browser

access the d.svg file on Chrome by navigating to localhost on port 8888

http://127.0.0.1:8888/d.svg

Reference

link

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
Docs		Docs
src		src
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2023-4357-Exploitation

Description

Reproduce

Set up the Environment

Start a Web Server

Access the Browser

Reference

About

Releases

Packages

Languages

lon5948/CVE-2023-4357-Exploitation

Folders and files

Latest commit

History

Repository files navigation

CVE-2023-4357-Exploitation

Description

Reproduce

Set up the Environment

Start a Web Server

Access the Browser

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages