10 matches found
Android Browser Remote Code Execution Through Google Play Store XFO
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser RCE Through Google Play Store XFO', 'Description' = %q This module combines two vulnerabilities to achieve remote code execution ...
CVE-2014-6041
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/androidstockbrowseruxss.rb 2018-05-29 15:50:33+00:00| seen|...
Google Play Bug Can Allow Code Execution
Using a combination of vulnerabilities in the Google Play store and the Android stock browser, attackers can install malicious apps remotely on some Android devices. The attack is the result of a failure on the part of Google’s Play Store Web application to completely enforce the X-Frame-Options...
Android Browser RCE Through Google Play Store XFO
This module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits CVE-2014-6041, a Universal Cross-Site Scripting UXSS vulnerability present in versions of Android's open source stock browser the AOSP Browser prior to 4.4. Second, th...
CSP Bypass in android browser prior to 4.4
Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://vulners.com/cve/CVE-2014-6041 I've tested this on an Android 4.3...
Android Browser CSP Bypass
Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041 I've tested...
Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)
A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...
New Android Browser Vulnerability Is a “Privacy Disaster” for 70% Of Android Users
A Serious vulnerability has been discovered in the Web browser installed by default on a large number Approximately 70% of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploi...
Android built-in browser cross-domain vulnerabilities UXSS-a vulnerability warning-the black bar safety net
Related links: http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html Test Link: http://x7s.pw/001.html iframe name="m" src="http://www.myhack58.com/" onload="window. open'\u0000javascript:alertdocument. location','m'" Genesis: because the Android built-in browser to...
CVE-2014-6041
CVE-2014-6041 is a UXSS/SOP bypass in Android’s stock browser (AOSP) prior to 4.4 and in WebView, enabling cross-site script execution via crafted input containing a null character. Affected: Android stock browser before 4.4 and apps using WebView. Impact: partial confidentiality and integrity th...