################################################# QTWeb Internet Browser URL weakness lets remote attackers to do Spoof or phishing attacks Vendor URL: http://www.qtweb.net/ Vendor bugtrack=> http://code.google.com/p/qtweb/issues/detail?id=151 Advisore: http://lostmon.blogspot.com/2011/10/qtweb-internet-browser-url-weakness.html Vendor notify: YES exploit available: YES ################################################## ################### Description By vendor ################### QtWeb Internet Browser - lightweight, secure and portable browser having unique user interface and privacy features. QtWeb is an open source project based on Nokia's Qt framework and Apple's WebKit rendering engine (the same as being used in Apple Safari and Google Chrome). ###################### Vulnerability Description ###################### In a normal case when navigate to a site, the browser shows real URL But it has a weakness and a attacker can show a empty URL. This weakness can be used for pishing or spoof attacks because you can think that you are in bank of america for example and the browser don't show nothing in URL:) Whithout Any URL => http://3.bp.blogspot.com/-fo5gIcETZwE/TomQza97d0I/AAAAAAAAAFw/hMl0NPCRvqA/s400/qt1.jpg Also a attacker can compose a popup with atributes and it can be used too for spoof or phishing attacks. toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0 Popup Whithout Toolbars and address bar => http://3.bp.blogspot.com/-fixIYjkGkCE/TomSNePdc4I/AAAAAAAAAF0/vSKXq1aufo8/s400/qt2.jpg ################ Versions afected ################ QTweb 3.7.2 Vulnerable QTweb 3.7.3 (buils 087) Vulnerable and posible prior versions. ###################### Proof Of Concept ######################
First Click in this link ==> invoke PoC
and Look in result window, the address bar , don't show The url and if you write any url in the address bar, the browser do not navigate to it. This issue can be used to spoof sites or pishing attacks. Safari 5.1 (7534.50) ################ Solution ############### No solution at this time !!! ############### Timeline ############### Discovered :Mar 30, 2011 Vendor Notify: Sep 28, 2011 Vendor response: XXXXX Vendor Patch: XXXXXX Public Disclosure: Oct 03, 2011 ########################## €nd ######################## Atentamente: Lostmon (lostmon@gmail.com) Web-Blog: http://lostmon.blogspot.com/ Google group: http://groups.google.com/group/lostmon (new) -- La curiosidad es lo que hace mover la mente....