Arbitrary Website Forgery Vulnerability in UC Browser (PC)
Arbitrary Website Forgery Vulnerability in UC Browser (bundled report)
Browser version
#1. Arbitrary website forgery
POC:
<script> function spoof() { document.write("<title>Baidu</title>"); document.write("
Running the PoC triggers an error, but UC Browser recovers from it for us, and as a result any website can be forged.
#2. Software Download Spoofing
The GET request is as follows:
http://down1.apps.uc.cn/group1/M00/B3/75/Cg2DP1OekvLT4GzOALNinX2P17I905.apk?attname=com.baozoumanhua.android_6.1.3_64.apk&appname=comics.apk
The appname parameter is controllable: it can be forged at will and is output directly in the browser's download box without any confirmation. Therefore, we can forge a cartoon apk to cover ten pictures, as shown below:
Of course, the download is a pop-up cartoon.
Solution:
For the second issue, the appname parameter should not be controllable by the user. Why is an appname parameter needed at all?
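One way to apply this on the browser side, as an added example that is not from the original report or from UC Browser's code: label the download from the file actually requested and its host, and treat appname and attname only as untrusted hints to be checked. The helper names and the choice of the URL path as the trusted source are assumptions.

```javascript
// Added example; helper names are hypothetical, not UC Browser code.
// Assumption: the only part of the link that names the file actually
// requested is the URL path, so the label comes from it plus the host.
// appname/attname are reported when they disagree, never displayed.
const UNTRUSTED_NAME_PARAMS = ['appname', 'attname'];

// Constructed sample: the request quoted in the report.
const SAMPLE_URL = 'http://down1.apps.uc.cn/group1/M00/B3/75/' +
  'Cg2DP1OekvLT4GzOALNinX2P17I905.apk' +
  '?attname=com.baozoumanhua.android_6.1.3_64.apk&appname=comics.apk';

// Remove ASCII control characters from a name before it is shown.
function clean(name) {
  return name.replace(/[\u0000-\u001f\u007f]/g, '').trim();
}

// Last path segment, percent-decoded when the encoding is valid.
function pathFileName(url) {
  const segment = url.pathname.split('/').pop() || '';
  try {
    return clean(decodeURIComponent(segment));
  } catch (e) {
    return clean(segment); // malformed escape: show it undecoded
  }
}

function reviewDownloadLabel(rawUrl) {
  const url = new URL(rawUrl);
  const fileName = pathFileName(url);
  const warnings = [];
  for (const param of UNTRUSTED_NAME_PARAMS) {
    const claimed = url.searchParams.get(param);
    if (claimed === null) continue; // parameter absent
    const claimedName = clean(claimed.split(/[\\/]/).pop());
    if (claimedName !== fileName) {
      warnings.push(`${param}="${claimedName}" does not match requested file "${fileName}"`);
    }
  }
  return { displayName: fileName, host: url.host, warnings };
}

console.log(reviewDownloadLabel(SAMPLE_URL));
```

For the request in the report, both query parameters are flagged and the dialog label falls back to the stored file name and host.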