
CVE-2014-6041

Published: 02/09/2014 Updated: 08/09/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 660
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The Android WebView in Android prior to 4.4 allows remote malicious users to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence delivered to the Android Browser application 4.2.1 or to a third-party web browser built on WebView.

Vulnerable Product

google android browser 4.2.1

Exploits

Android browser versions prior to 4.4 suffer from a content security policy bypass vulnerability ...
This module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits CVE-2014-6041, a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Android's open source stock browser (the AOSP Browser) prior to 4.4. Second, the Google Play sto ...

Metasploit Modules

Android Browser RCE Through Google Play Store XFO

This module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits CVE-2014-6041, a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Android's open source stock browser (the AOSP Browser) prior to 4.4. Second, the Google Play store's web interface fails to enforce an X-Frame-Options: DENY header (XFO) on some error pages, and therefore can be targeted for script injection. As a result, this leads to remote code execution through Google Play's remote installation feature, as any application available on the Google Play store can be installed and launched on the user's device. This module requires that the user is logged into Google with a vulnerable browser. To list the activities in an APK, you can use `aapt dump badging /path/to/app.apk`.

msf > use auxiliary/admin/android/google_play_store_uxss_xframe_rce
msf auxiliary(google_play_store_uxss_xframe_rce) > show actions
    ...actions...
msf auxiliary(google_play_store_uxss_xframe_rce) > set ACTION < action-name >
msf auxiliary(google_play_store_uxss_xframe_rce) > show options
    ...show and set options...
msf auxiliary(google_play_store_uxss_xframe_rce) > run

Github Repositories

Vulnerability Exploitation

Pentest-Mobile (Vulnerability Exploitation): Some of the most widely used tools for security testing of Android devices include: AndroBugs Framework: a static analysis tool for identifying vulnerabilities in Android application source code; Apktool: a reverse-engineering tool for analyzing and modif

Recent Articles

THREE QUARTERS of Android mobes open to web page spy bug
The Register • Darren Pauli • 16 Sep 2014

Metasploit module gobbles KitKat SOP slop

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a user's open websites. The exploit targets the vulnerability (CVE-2014-6041) in Android versions 4.2.1 and below, which was disclosed without fanfare on 1 September but had since gathered dust, according to researchers. Tod Beardsley (@TodB), a developer for the Metasploit security toolkit, dubbed the "major" flaw a "privacy disaster". "What this means is any arbit...