Abusing Browsers UIs - Some simple PoCs

File execution via keyboard interaction (IE9 on Windows 7 / IE10 on Windows 8)

NOTICE #1: The following demo will download and launch an exe file without your explicit approval: the exe file is classified as a "malicious" program on some malware sites (http://minotauranalysis.com/search.aspx?q=4b725d2eb9a80826b639187b1dbc8f7a). Be sure to stop the installation process of the exe before completion. This is a proof that the SmartScreen filter is not 100% safe.

Tip: On IE10 it is enough to type "TAB" and then "r"; on IE9, just type "r".

NOTICE #2: "r" is the keyboard shortcut for "Run". The required key may change according to the language of the OS (e.g. "e" in Italian).

Demo 1

File execution via window overlay (Chrome on Windows 8)

This demo requires a screen resolution of 1366 x 768 in order to work properly

NOTICE: The following demo will trick you into downloading and launching an exe file without explicit approval: the exe file is classified as a "malicious" program on some malware sites (http://minotauranalysis.com/search.aspx?q=4b725d2eb9a80826b639187b1dbc8f7a). Be sure to stop the installation process of the exe before completion.

Demo 2

Granting privileges to websites through window overlay (Chrome on Windows 8)

This demo requires a screen resolution of 1366 x 768 in order to work properly

NOTICE: The following demo will trick you into granting geolocation privileges to this site without explicit approval. This can be extended to similar privileges (fullscreen, notifications, etc.).

Demo 3

Clickjacking through window overlay (Chrome on Windows 8)

This demo requires a screen resolution of 1366 x 768 in order to work properly

Before running this demo, log in to Twitter and then come back to this page.

NOTICE: The following demo will trick you into following a new contact from your Twitter account. This can be extended to similar scenarios.

Demo 4