This Metasploit module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits CVE-2014-6041, a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Androids open source stock browser (the AOSP Browser) prior to 4.4. Second, the Google Play stores web interface fails to enforce a X-Frame-Options: DENY header (XFO) on some error pages, and therefore, can be targeted for script injection. As a result, this leads to remote code execution through Google Plays remote installation feature, as any application available on the Google Play store can be installed and launched on the users device. This Metasploit module requires that the user is logged into Google with a vulnerable browser. To list the activities in an APK, you can use aapt dump badging /path/to/app.apk.
328d1360b3bebdb1d86c00098a6491927d2bd65f1172897b674f5d8cc7695731This Metasploit module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in all versions of Androids open source stock browser before 4.4, and Android apps running on < 4.4 that embed the WebView component. If successful, an attacker can leverage this bug to scrape both cookie data and page contents from a vulnerable browser window. Target URLs that use X-Frame-Options can not be exploited with this vulnerability. Some sample UXSS scripts are provided in data/exploits/uxss.
515d589ae7fa921c6c47ddf5fa3b3cc8aad06aec0fe62c65331d5cac2c574d51This Metasploit module exploits a universal cross-site scripting (UXSS) vulnerability found in Internet Explorer 10 and 11. By default, you will steal the cookie from TARGET_URI (which cannot have X-Frame-Options or it will fail). You can also have your own custom JavaScript by setting the CUSTOMJS option. Lastly, you might need to configure the URIHOST option if you are behind NAT.
37a50587dbae737c3c34aae3bf793f8dca961d0813adb06f366e89505427010aThis Metasploit module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in all versions of Androids open source stock browser before 4.4, and Android apps running on < 4.4 that embed the WebView component. If successful, an attacker can leverage this bug to scrape both cookie data and page contents from a vulnerable browser window. If your target URLs use X-Frame-Options, you can enable the "BYPASS_XFO" option, which will cause a popup window to be used. This requires a click from the user and is much less stealthy, but is generally harmless-looking. By supplying a CUSTOM_JS parameter and ensuring CLOSE_POPUP is set to false, this module also allows running arbitrary javascript in the context of the targeted URL. Some sample UXSS scripts are provided in data/exploits/uxss.
c310932b590c18e1c4846f4e90d57edda5909db4103dc3c5954aec52431efc71WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.
dcd22c45ffe7169dcb5e713498bc6fad3ab5097f2e800f6255a9b1b944a8c7acWordPress WP Event Manager plugin version 3.1.44 suffers from a cross site scripting vulnerability.
84a90a0eb3f40dda41212275dcb4ece9cd5dfc794dab04f6cf1e99ecbb9d523dvTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities.
d9025e02ef6a363801fc7c5e851c41ef9b220bc58ddf23135770c3a709cde894Gitea version 1.22.0 suffers from a cross site scripting vulnerability.
679d63e8928338a2795080c2e8acf6c63870fd815e5470dd05c9c71ca4c12184Notemark versions 0.13.0 and below suffer from a cross site scripting vulnerability.
5412263751c127d8cb7add8025ce80555d79296e588f9ff7d5b2a2c6c1a17c8aCalibre Web version 0.6.21 suffers from a persistent cross site scripting vulnerability.
686e04b8fe52c5725bda61d40bbca828f80088e743ec7a871989a6041a45b1d0Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.
a8ac91a3cbedb116396a5b53757d88970af60c29a929c87cc0d371c438839a2eJobs Finder System version 1.0 suffers from a cross site scripting vulnerability.
faf5a6f2bdf5a78896fae3a3733b2215bd787d63633b35a18fdd4238dbc3d2b4Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.
25f4d7b7ca25178696d74bb308a9abcdd65caa3fc6c471e46b4b16febaa084eaOX App Suite frontend version 7.10.6-rev42 suffers from cross site scripting vulnerabilities. OX App Suite backend versions 7.10.6-rev61 and 8.22 suffer from a denial of service vulnerability.
6e2623da412af99e461937edfe417e674fe26af8c59f680b4bb1489413794ba8OX App Suite frontend version 7.10.6-rev44 suffers from a cross site scripting vulnerability.
1360b972ed80fc23c7c8b3b040403a512a3915dd0f5a8e6e9c5792c83a0e4c39PlantUML version 1.2024.6 suffers from a cross site scripting vulnerability.
28cd588466b21f30b2a0db0072c4c78aa0532c61f088d9cdb521bb89e9c81e26Ubuntu Security Notice 6969-1 - It was discovered that Cacti did not properly apply checks to the "Package Import" feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. It was discovered that Cacti did not properly sanitize values when using javascript based API. A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site scripting vulnerability. This issue only affected Ubuntu 24.04 LTS.
569974f66e44cbbc04571591151988d6a9b0642234fd900881b7bd97af4003b0WordPress Shield Security plugin versions 20.0.5 and below cross site scripting exploit that adds an administrative user.
705e2276f9150db10c6e5b1e68e86831e4cde8ecf32c63988f9cecbbcc2e80d0Giftora version 1.0 suffers from a cross site scripting vulnerability.
571b1691f68912443e4375f4b2eeed71940910d33468d76246e2f0a264a6ff84Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.
2caf36ad25ddb5e5fcd4a26fd8ac2e62e0dee3d76fbd95e698130d2b8730632eCovid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.
daa17a59d2ea2f605f71d11b3ba6860a33f90c5ea08d666ce8a3af42e59af5faCar Rental Management System version 1.0 suffers from a cross site scripting vulnerability.
5fa10fefdc9cde30dce20a655fe24cebef24d4c036fcbee0b4bb1c708bc895edWordPress MapFig Studio plugin versions 0.2.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
bb373228013ea4da17857eacb046e2ed58e688e52aab0abc39365db5b8ba412cDebian Linux Security Advisory 5743-2 - Multiple cross-site scripting vulnerabilities were discovered in RoundCube webmail.
5f8dfd77f70bc46b1b413f2ff2f11fba302881ec002792cfe6fc0a48263c564bWordPress Profilepro plugin versions 1.3 and below suffer from a persistent cross site scripting vulnerability.
668088aaae0dfd4b8b6db629ceeb041239e3ddf9233ec6d6aa0f3004259f968c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed