> We're in 2022; HTML files can't do anything to your device. You can't even write a joke virus anymore. Besides, there's no server or anything, we're talking about a plain HTML file; the moment it tries to download a file remotely, the lovely protocol called CORS paints the console bright red with errors. Setting all that aside, even if you download a real virus, nothing happens as long as you don't open it. That's how it is whether it's HTML or not.

It does infect. It can download an HTML page capable of executing code and, in the way described, obtain notification permission; if there is a no-prompt download mechanism, it can download executable files. As long as you don't install them it isn't a problem, but it's still risky. Deleting it was the right thing to do; if you turn off notification access in the browser settings, those notifications get deleted too.
Not at all. Malware like Stagefright infected devices back in the day through chained HTML file links; dozens of different malware families used this method. There's no reason it couldn't happen. There's no console here either, and no additional protocol is being executed. If the browser being used has its own download manager outside the Android system, it is very much at risk. For example, the Via browser, which I recommend everywhere, can open the files it downloads, especially HTML and PHP files, inside its own editor, and it doesn't have dozens of different security protocols either. That creates a clear hole.

> We're in 2022; HTML files can't do anything to your device. You can't even write a joke virus anymore. Besides, there's no server or anything, we're talking about a plain HTML file; the moment it tries to download a file remotely, the lovely protocol called CORS paints the console bright red with errors. Setting all that aside, even if you download a real virus, nothing happens as long as you don't open it. That's how it is whether it's HTML or not.
Completely wrong information. We're in an era when dormant malware can be triggered very easily; it was like this 10 years ago and it still is. And it will only become more common. You don't necessarily have to open it or interact with it; there is malware that can activate itself even by using the file system. You should look at this not only from a developer's perspective but also from the security side, especially when the subject is security.

> Setting all that aside, even if you download a real virus, nothing happens as long as you don't open it. That's how it is whether it's HTML or not.
I'm waiting for you to send me a file containing the security vulnerabilities you mentioned that can harm my device. If you send it, I'll record a video and open the file on my Android device. Let's all see together whether it can cause harm or not.

> Not at all. Malware like Stagefright infected devices back in the day through chained HTML file links; dozens of different malware families used this method. There's no reason it couldn't happen. There's no console here either, and no additional protocol is being executed. If the browser being used has its own download manager outside the Android system, it is very much at risk. For example, the Via browser, which I recommend everywhere, can open the files it downloads, especially HTML and PHP files, inside its own editor, and it doesn't have dozens of different security protocols either. That creates a clear hole.
What you're describing has nothing to do with this situation.

> Completely wrong information. We're in an era when dormant malware can be triggered very easily; it was like this 10 years ago and it still is. And it will only become more common. You don't necessarily have to open it or interact with it; there is malware that can activate itself even by using the file system. You should look at this not only from a developer's perspective but also from the security side, especially when the subject is security.
Excuse me, but how many years of experience do you have in the security field?

> I'm waiting for you to send me a file containing the security vulnerabilities you mentioned that can harm my device. If you send it, I'll record a video and open the file on my Android device. Let's all see together whether it can cause harm or not.
You said there's no console, but what is DevTools there for? How are you going to start the file download you mentioned without JavaScript?

You said it creates a security hole through another browser, but that naturally varies from browser to browser. If I went and used Netscape, I'd naturally be using an old browser with security holes. Why do you think a new Chromium version is released so often?
Like I said, my friend, send such an HTML file; trigger it from wherever you trigger it, and I'll open it.

> Excuse me, but how many years of experience do you have in the security field?
I guess you have neither an idea nor any knowledge of the fact that a different malicious package can be attached to an HTML file, or that such a package can be smuggled onto the device through a link that can be triggered over the web. Before writing "Developer" as your title, it's worth taking a look at how systems actually work.
> Like I said, my friend, send such an HTML file; trigger it from wherever you trigger it, and I'll open it.

CVE-2020-6572
Code:
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score 9.3
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 416

CVE-2021-30599
Code:
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 843

CVE-2021-30598
Code:
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 843

CVE-2021-21224
Code:
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 843

CVE-2020-6537
Code:
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 843

CVE-2020-6443
Code:
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 345

CVE-2019-13735
Code:
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 787

CVE-2019-13726
Code:
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code, Overflow
CWE ID 119

CVE-2019-13725
Code:
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score 6.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 416

CVE-2019-5789
Code:
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
CVSS Score 9.3
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code, Overflow
CWE ID 190

Take a look: the HTML files you said can't do anything to a device were, not long ago, in 2021, the core component of dozens of different confirmed high-severity security vulnerabilities. All of them were in the "constantly updated Chromium" browser, Google Chrome. Exactly as you described. The attack type you said can't do anything triggers many serious and risky attack types on Chrome, up to and including buffer overflow. You could have found this yourself with a little research.

Titles are usually not something a person gives themselves; they are earned. I'd suggest your primary goal be completing your specialization.

If anything is on your mind, feel free to ask; I'll gladly answer. Regards...

> Titles are usually not something a person gives themselves; they are earned. I'd suggest your primary goal be completing your specialization.

Well, if you're going to keep taking shots at my title from there, that's your business.
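The practical check the CVE list in the thread implies, as an added example that is not code from the thread or from any of its participants: every entry says "prior to" a fix version, so the question for a given device is simply whether its Chrome build is numerically older than each cutoff. The CVE IDs, fix versions, CWE numbers and the Windows-only qualifier on CVE-2019-5789 are copied from the entries above; the function names, the `platform` field and the sample user-agent string are assumptions made for this example.

```javascript
// Added example, not code from the thread or from any of its participants.
// Applies the "prior to <version>" cutoffs of the CVE entries quoted in the
// thread to a Chrome build string. CVE IDs, fix versions, CWE numbers and the
// Windows-only qualifier on CVE-2019-5789 come from those entries; the function
// names, the `platform` field and the sample user-agent are this example's own.

const FIXED_IN = [
  { id: "CVE-2020-6572",  fixed: "81.0.4044.92",  cwe: 416, platform: null },
  { id: "CVE-2021-30599", fixed: "92.0.4515.159", cwe: 843, platform: null },
  { id: "CVE-2021-30598", fixed: "92.0.4515.159", cwe: 843, platform: null },
  { id: "CVE-2021-21224", fixed: "90.0.4430.85",  cwe: 843, platform: null },
  { id: "CVE-2020-6537",  fixed: "84.0.4147.105", cwe: 843, platform: null },
  { id: "CVE-2020-6443",  fixed: "81.0.4044.92",  cwe: 345, platform: null },
  { id: "CVE-2019-13735", fixed: "79.0.3945.79",  cwe: 787, platform: null },
  { id: "CVE-2019-13726", fixed: "79.0.3945.79",  cwe: 119, platform: null },
  { id: "CVE-2019-13725", fixed: "79.0.3945.79",  cwe: 416, platform: null },
  { id: "CVE-2019-5789",  fixed: "73.0.3683.75",  cwe: 190, platform: "Windows" },
];

// Parse "MAJOR.MINOR.BUILD.PATCH" into four integers; null for anything else,
// so a truncated or tampered version string is never silently treated as new.
function parseChromeVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(String(s).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric, component-wise comparison: 100.x sorts after 92.x and
// 81.0.4044.92 after 81.0.4044.9, which a plain string compare gets wrong.
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// "prior to X" means strictly older than X; build X itself carries the fix.
// Entries with a platform qualifier only count on that platform.
function affectedBy(versionString, platform) {
  const v = parseChromeVersion(versionString);
  if (v === null) throw new Error(`unparseable Chrome version: ${versionString}`);
  return FIXED_IN
    .filter((e) => e.platform === null || e.platform === platform)
    .filter((e) => compareVersions(v, parseChromeVersion(e.fixed)) < 0)
    .map((e) => e.id);
}

// Pull the Chrome build out of a user-agent string; null when there is none
// (a non-Chromium browser, or a UA that has been reduced or spoofed).
function chromeVersionFromUA(ua) {
  const m = /Chrome\/(\d+\.\d+\.\d+\.\d+)/.exec(ua);
  return m ? m[1] : null;
}

// Constructed sample, not a captured UA: an Android Chrome at exactly the build
// that fixed the three 2019 CVEs, so those drop out and the later ones remain.
const SAMPLE_UA =
  "Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 (KHTML, like Gecko) " +
  "Chrome/79.0.3945.79 Mobile Safari/537.36";

const sampleVersion = chromeVersionFromUA(SAMPLE_UA);
console.log(sampleVersion, "->", affectedBy(sampleVersion, "Android"));
```

Two details matter in practice: the comparison has to be numeric per component (a string compare would rank 100.x below 92.x), and an unparseable version is an error rather than "not affected", since a device that cannot report a clean four-part build is exactly the one you should not wave through.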