In Internet security, a vulnerability is a weakness that lets an attacker take control of a system or the information it holds: attackers look for such flaws and use them to gain control. Web browsers are the medium through which users reach websites and are an essential part of the Internet, and most users browse with Google Chrome or Mozilla Firefox.
Recently, the young Pakistani security researcher Rafay Baloch found a flaw in two of the world's most popular browsers, Google Chrome and Mozilla Firefox. Rafay is an experienced bug hunter. The bug he discovered lets an attacker control what the address bar displays: a user who is actually on an attacker-controlled site can be shown a legitimate-looking address, and can be tricked into handing over sensitive information.
Google's security team also stated: “We recognize that the address bar is the only reliable security indicator in modern browsers and if this could be controlled by an attacker it could be harmful.”
Rafay Baloch also wrote on his blog (Rafay Hacking Articles) that the flaw can be exploited by simply placing neutral characters such as “/” or “!” towards the end of a URL, which makes the browser reorder the displayed URL and gives the false impression that the user is visiting an official site.
For example, a URL whose logical order is 127.0.0.1/!/http://facebook.com is displayed as http://facebook.com/!/127.0.0.1. The characters are the same; only their visual order changes. This gives the false impression that the user is visiting the official facebook.com while the content being shown actually comes from 127.0.0.1. “The IP address can be easily hidden in the URL, especially on mobile browsers, by selecting a long URL in order to make the attack look realistic and fool users.”
Rafay Baloch wrote, “In order to make the attack more realistic, a Unicode version of the padlock can be used in order to display the presence of SSL.” He further said that 70% of direct traffic is affected by this bug, which he found in Google Chrome and Firefox.
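The reordering described above, as an added example that is not code from this article or from Rafay Baloch's blog post: a deliberately reduced subset of the Unicode Bidirectional Algorithm (UAX #9) that handles only Latin letters, ASCII digits, Hebrew/Arabic-block characters and a few separators (no embeddings, Arabic-Indic digits or bracket pairs), enough to show why the visual order of a URL can differ from its logical order. The base direction is passed in explicitly because the article does not say what made the browsers' address bars render the URL right-to-left; the "auto" mode, which takes the direction from the first strong character like a dir="auto" text field, is my assumption about how a URL bar might behave, not a description of Chrome or Firefox. The function names (visualOrder, hasBidiRisk, realHost), the helper functions and the sample inputs are all mine; the Arabic letter in the second sample is my addition to show a right-to-left character driving the direction.

```javascript
// Added illustration: a toy subset of the Unicode Bidirectional Algorithm
// (UAX #9). Not the browser's code and not from the article.
// Classes handled: L (Latin letters), R (Hebrew/Arabic-block characters,
// approximated by code-point range), EN (ASCII digits), CS (. , : /) and
// ON (any other neutral). No embeddings, Arabic-Indic digits or brackets.

function bidiClass(ch) {
  if (/[A-Za-z]/.test(ch)) return "L";
  if (/[0-9]/.test(ch)) return "EN";
  // Hebrew, Arabic, Syriac, Thaana, NKo blocks and presentation forms (approximation)
  if (/[\u0590-\u08FF\uFB1D-\uFDFF\uFE70-\uFEFF]/.test(ch)) return "R";
  if (/[.,:\/]/.test(ch)) return "CS";
  return "ON";
}

// Paragraph embedding level: 0 = LTR, 1 = RTL. "auto" follows the first
// strong character, like a dir="auto" field (assumption, see lead-in).
function baseLevel(chars, dir) {
  if (dir === "ltr") return 0;
  if (dir === "rtl") return 1;
  const first = chars.map(bidiClass).find(c => c === "L" || c === "R");
  return first === "R" ? 1 : 0;
}

// Resolve weak and neutral types (W4, W7, N1, N2) and assign levels (I1, I2).
function resolveLevels(chars, paraLevel) {
  const cls = chars.map(bidiClass);
  const n = cls.length;
  const sos = paraLevel === 1 ? "R" : "L"; // start/end-of-sequence type
  // W4: a single common separator between two European numbers becomes EN,
  // so "127.0.0.1" stays one numeric run.
  for (let i = 1; i < n - 1; i++) {
    if (cls[i] === "CS" && cls[i - 1] === "EN" && cls[i + 1] === "EN") cls[i] = "EN";
  }
  // W7: a European number whose nearest preceding strong type is L becomes L.
  let prevStrong = sos;
  for (let i = 0; i < n; i++) {
    if (cls[i] === "L" || cls[i] === "R") prevStrong = cls[i];
    else if (cls[i] === "EN" && prevStrong === "L") cls[i] = "L";
  }
  // N1/N2: a run of neutrals takes the direction of its neighbours when both
  // agree (EN counts as R), otherwise the paragraph direction. This is the
  // step that sends "/!/" between a number and Latin text right-to-left
  // in an RTL paragraph.
  const isNeutral = c => c === "CS" || c === "ON";
  const asStrong = c => (c === "EN" ? "R" : c);
  for (let i = 0; i < n; ) {
    if (!isNeutral(cls[i])) { i++; continue; }
    let j = i;
    while (j < n && isNeutral(cls[j])) j++;
    const before = i === 0 ? sos : asStrong(cls[i - 1]);
    const after = j === n ? sos : asStrong(cls[j]);
    const dir = before === after ? before : sos;
    for (let k = i; k < j; k++) cls[k] = dir;
    i = j;
  }
  // I1/I2: L stays on an even level, R on an odd one, EN two above an odd base.
  return cls.map(c => {
    if (paraLevel === 0) return c === "L" ? 0 : c === "R" ? 1 : 2;
    return c === "R" ? 1 : 2;
  });
}

// L2: from the highest level down to the lowest odd level, reverse every
// maximal run of characters at that level or higher.
function reorder(chars, levels) {
  const out = chars.slice(), lv = levels.slice();
  if (out.length === 0) return "";
  const max = Math.max(...lv);
  let lowestOdd = Math.min(...lv);
  if (lowestOdd % 2 === 0) lowestOdd++;
  for (let level = max; level >= lowestOdd; level--) {
    for (let i = 0; i < out.length; ) {
      if (lv[i] < level) { i++; continue; }
      let j = i;
      while (j < out.length && lv[j] >= level) j++;
      for (let a = i, b = j - 1; a < b; a++, b--) {
        [out[a], out[b]] = [out[b], out[a]];
        [lv[a], lv[b]] = [lv[b], lv[a]];
      }
      i = j;
    }
  }
  return out.join("");
}

// What a renderer with the given base direction would display for `url`.
function visualOrder(url, dir = "auto") {
  const chars = Array.from(url);
  return reorder(chars, resolveLevels(chars, baseLevel(chars, dir)));
}

// Defensive check for any UI that shows untrusted URLs: a strong RTL character
// or an explicit bidi control (U+202A..202E, U+2066..2069) means the rendered
// order may not be the logical order.
function hasBidiRisk(url) {
  return /\p{Bidi_Control}/u.test(url) || Array.from(url).some(ch => bidiClass(ch) === "R");
}

// The host the browser actually connects to comes from parsing the logical
// URL, never from reading the rendered string.
function realHost(url) {
  return new URL(url).hostname;
}

// Constructed sample inputs (the Arabic letter in the second is my addition).
const spoof = "127.0.0.1/!/http://facebook.com";
const spoofRtlChar = "127.0.0.1/\u0627/http://facebook.com";
console.log(visualOrder(spoof, "ltr"));  // 127.0.0.1/!/http://facebook.com
console.log(visualOrder(spoof, "rtl"));  // http://facebook.com/!/127.0.0.1
console.log(visualOrder(spoofRtlChar));  // http://facebook.com/ا/127.0.0.1
console.log(hasBidiRisk(spoof), hasBidiRisk(spoofRtlChar)); // false true
console.log(realHost("http://" + spoof)); // 127.0.0.1
```

The practitioner's takeaway is in the last two helpers: a UI that displays attacker-influenced URLs should force a left-to-right, isolated rendering or flag right-to-left and bidi control characters, and any security decision must use the parsed host from the logical URL, never the string as rendered.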
Rafay Baloch lives in Karachi and is a hacker, researcher and author. In 2012 he discovered command-execution vulnerabilities on a PayPal subdomain, for which PayPal awarded him $10,000 USD under its bug bounty program and listed his name on its Honorable Mention page in recognition of his contributions to the program.
About Rafay Baloch
Rafay Baloch is from Hyderabad and works at PTCL (Etisalat) as Manager, Information Security; he also provides consultancy to international organizations. He received his primary and secondary education at Bahria Foundation and PECHS Schools, Karachi, and graduated first in his class in Computer Science from Bahria University. He is one of the leading information security experts and evangelists in Pakistan. SC Magazine listed him among the top 25 threat seekers of 2014 for the issues he uncovered in Android, and Checkmarx ranked him among the top 5 ethical hackers of 2014.