Latest News

Android Browser Kitkat Content Spoofing Vulnerability


The following is a low risk vulnerability that was found few months ago while testing the latest Android Stock browser on Android Kitkat.  The issue that was found is commonly referred as Content spoofing Vulnerability or dialog box spoofing vulnerability which could be used to fake an alert message on a legitimate website.

In other words, i could display an alert box (Of my choice) on the site of my choice. Whereas in chrome, Firefox and other browser the alert box appears on correct tab. 

POC

<a onclick="test()">CLICK</a> 
<script> function test()
{ window.open('http://bing.com/') setTimeout (function(){alert("HACKED");}, 5000) } 
</script>

Upon executing the above code, the alert box would be displayed on bing.com. 




Technical Details

The issue resides inside of the ASOP browser, and more specifically due to the fact the webview fails to overwrite the WebChromeClient.onJsAlert() method which is responsible for displaying the javascript alert box and this way webview is not able to switch the JsAlert() to the correct tab.

Future Releases

I have recently reported another medium risk issue present in latest android stock browser, which would be released once the issue is addressed by the Google team. 

No comments:

Post a Comment

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code