Android Browser Kitkat Content Spoofing Vulnerability

The following is a low risk vulnerability that was found few months ago while testing the latest Android Stock browser on Android Kitkat.  The issue that was found is commonly referred as Content spoofing Vulnerability or dialog box spoofing vulnerability which could be used to fake an alert message on a legitimate website.

In other words, i could display an alert box (Of my choice) on the site of my choice. Whereas in chrome, Firefox and other browser the alert box appears on correct tab. 

Tags: 1 Comments

Android Browser Cross Scheme Data Exposure + Intent Scheme Attack

tl;dr This exploit is an issue present in Android browser < 4.4 and several other android browsers which allows an attacker to read sqlite cookie database file and hence exposing all cookies. Along with it we also talk about a Cross Scheme Data exposure attack in Android < 4.4.


During my research on ASOP (Stock Browser) I found out that is is possible to open links to local files using file:// protocol by from a webpage by selecting "Open Link in New tab" from the context menu". This itself is does not represent a vulnerability unless there is a way to read local files and use be able to retrieve the files remotely. However, what caught my attention here is this by default is not permitted browsers such as Chrome, Firefox, Opera etc.


Bad Meets evil - PHP meets Regular Expressions


This article would briefly discuss the reason why Regular Expressions might not be suitable for filtersand how things could turn miserably bad when PHP comes is used with Regular Expressions. The post would then continue with the write-up of a relevant scenario based challenge, and finally will conclude with the author’s opinion on the topic.


Common Attacks Against Modems

0x01: Introduction to Modems

The term DSL modem is technically used to describe "a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot". The more common DSL router which combines the function of a DSL modem and a home router is a standalone device which could be connected to multiple computers through multiple Ethernet ports or an integral wireless access point. Also called as a "residential gateway", a DSL router usually manages the connection and sharing of the DSL service in a home or small office network.


A Tale Of Another SOP Bypass In Android Browser < 4.4

Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a bit more upon the android browser, it turns out that things are much worse than I thought, I managed to trigger quite a few interesting vulnerabilities inside of Android browser, one of them being another Same Origin Policy Bypass vulnerability. The thing that makes it worse was the same SOP bypass was already fixed inside of chrome years ago, however the patches were not applied to Android browser < 4.4.

Tags: 1 Comments

Indepth Code Execution in PHP: Part Two

This is a continued post from Code Execution in PHP; you can read the first post here, so if you haven't read that before please go ahead and read it first or else you would have problem understanding the second part.

“…It’s no secret that PHP is an easy language to which anyone with amateur coding skills could work with and as a rule with poor knowledge of basic security concepts, this factor alone often lead to new poorly written web-applications; Thus compromising their hosts and extraction of sensitive information. Recently, I was on a pentest for a project to which I was working on and went noticing unusual type of code execution. I decided to write about Code Execution Indepth because the developers need to focus on their poorly written web applications in PHP. This article will try covering code execution flaws in places which are less predictable and detail on snippets of code which might look secure while providing possibilities for ‘code injection’...”


Blog Archive


Recent Comments


Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.