Steal Facebook user information: using Android same origin policy vulnerability a malicious application is found-vulnerability warning-the black bar safety net

2014-12-30T00:00:00
ID MYHACK58:62201457499
Type myhack58
Reporter 佚名
Modified 2014-12-30T00:00:00

Description

A few months ago we studied the Android same origin policy(SOP)of vulnerability, however recently there has been a use of this vulnerability to Facebook user attack a malicious application, which utilizes code based on the disclosed Metasploit test code.

myhack58 science: the same-origin policy bypass vulnerability

The same-origin policy(SOP)refers to the client-side script, especially Javascript of important security metrics, is browser security the core Foundation. It is the earliest from Nescape Navigator2. 0, and its object is to prevent a document or script from a plurality of different source loading. Here, homology refers to the same domain, same Protocol and same port.

And the same-origin policy bypass occurs at A site(sitea. com, for example)in some way to access the B site(siteb. com, for example)of the attribute, such as cookies, location, response etc. Due to this problem the special nature and potential impact of the browser this has very strict management mode, in now browser can rarely find the same-origin policy(SOP)bypass.

Attack process

Attack is by to a specific Facebook web page references a malicious web site link to achieve.

This page contains a malicious Javascript code:

!

It will try to inline the framework of Riga contains a Facebook web site:

!

[1] [2] [3] next