-
```
What steps will reproduce the problem?
1. Create a simple page with the following:
for (i in top) {
try {
top[i].getClass().forName('java.lang.Runtime');
alert('vulnerable');…
-
---
ghost updated
9 years ago
-
```
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2015-01-20 23:36:28 -0500
msf auxiliary(browser_autopwn) > [*] Done in 2.632610975 seconds
[*] Starting exploi…
-
```
msf auxiliary(browser_autopwn) >
[*] Starting exploit modules on host 192.168.1.80...
[*] ---
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter…
-
Ran into a user that had a device in the vulnerable range, but whose stock browser and Maxthon app was not affected. jduck mentions this here:
www.droidsec.org/news/2014/02/26/on-the-webview-addjsif-…
-
jxcore express sample runs well on all my devices except a Xiaomi Box similar to or older than this one:
http://www.amazon.com/Xiaomi-1-5ghz-Internet-Android-Bluetooth/dp/B00JIVZ6MY/ref=sr_1_5?ie=UTF…
jyang updated
9 years ago
-
Hi,Berg.
Why need Android API 17 ?
Are you using "addJavascriptInterface" in stripe-android?
-
Hello,
I am currently putting a web app (written in Aurajs) inside an Android webview. Unfortunately, I am not in control of the web app as it is loaded by an external website. The issue is that I am…
-
Today's update provided a browser_autopwn module which does this:
```
msf auxiliary(browser_autopwn) > list
[*] Listing Browser Autopwn exploits:
[-] Error while running command list: type mismatch…
-
- setup
- example app
- using crosswalk for older versions of android