0day Alert: URL Spoofing Bypassed for latest Mint Browser 1.6.4 by Renwa - Andmp | A blog about infosec, bug hunting and more!


"Good artists copy; great artists steal."

Just another web hacking and vulnerability research blog that details how I use existing knowledge and old ways to discover new vulns ;)


Monday, 8 April 2019

0day Alert: URL Spoofing Bypassed for latest Mint Browser 1.6.4 by Renwa

Yesterday, I published a post about Mint 1.6.3 being vulnerable to the same flaw that I reported to Xiaomi, even after Xiaomi pushed a fix on the 5th of April, 2019. The fix could be bypassed with little effort.

Within a few hours, my friend Renwa bypassed the latest patch for Xiaomi's Mint Browser (in the Play Store release), leading to a new 0day.

Who is affected?

Mi Browser and Mint Browser (up to 1.6.4)

Intro

Renwa discovered it and told me about it. This is the second zero-day in a row discovered in the Mint Browser and Mi Browser.

Renwa found a bypass for the previous patch by the Xiaomi team by simply adding the target domain name to the phishing domain, making it a subdomain of the phishing/attacker's domain. This proved that Xiaomi's patch was insufficient and, above all, meaningless.

But the same day he came up with a new exploit that uses unprintable characters to bypass Xiaomi's new security patch, released in response to yesterday's 0day.


Trick/Bypass

The bypass appends the unprintable character sequence %e2%80%8c to the URL query parameter.

PoC

https://www.yahoo.com/entertainment/tagged/kim-kardashian/?p=m.facebook.com%e2%80%8c

(Spoofing m.facebook.com above^)
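A check for the pattern above, as an added example (not code from the original post, from Renwa, or from Xiaomi): it decodes each query value, reports invisible code points such as U+200C (the zero-width non-joiner that %e2%80%8c encodes in UTF-8), and tests the remaining visible text against a hostname shape. The function name `inspectUrl`, the hostname regex and the result fields are assumptions made for this illustration.

```javascript
// Added example: normalise query values before judging what a user would see.
// Format (Cf) and control (Cc) code points render as nothing in most UIs,
// so a filter that compares the raw value to a hostname pattern misses them.
const INVISIBLE = /[\p{Cf}\p{Cc}]/gu;
// Loose hostname shape (assumption): dot-separated labels, alphabetic TLD.
const HOSTLIKE = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i;

function inspectUrl(raw) {
  const url = new URL(raw);
  const findings = [];
  // searchParams percent-decodes values as UTF-8, so %e2%80%8c becomes U+200C.
  for (const [param, value] of url.searchParams) {
    const hidden = [...value.matchAll(INVISIBLE)].map(
      (m) => "U+" + m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, "0")
    );
    // What remains once the invisible code points are stripped.
    const visible = value.replace(INVISIBLE, "").trim();
    const hostLike = HOSTLIKE.test(visible);
    if (hidden.length === 0 && !hostLike) continue; // ordinary value
    findings.push({
      param,
      visible,
      hidden,
      // True when the visible text names a host other than the one loaded.
      impersonates: hostLike && visible.toLowerCase() !== url.hostname.toLowerCase(),
    });
  }
  return {
    host: url.hostname,
    findings,
    // Hidden characters wrapped around a foreign hostname: the pattern in this post.
    suspicious: findings.some((f) => f.hidden.length > 0 && f.impersonates),
  };
}

// The PoC URL from this post, followed by a constructed benign URL.
const POC =
  "https://www.yahoo.com/entertainment/tagged/kim-kardashian/?p=m.facebook.com%e2%80%8c";
const BENIGN = "https://example.org/search?q=weather+today"; // constructed sample

for (const u of [POC, BENIGN]) {
  console.log(JSON.stringify(inspectUrl(u)));
}
```

The same normalise-then-compare order applies to any patch that filters query values before display: stripping Cf/Cc code points first is what keeps a pattern match from being sidestepped by a trailing invisible character.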




