Showing posts from May, 2019

[OPEN] Discussion about POC of UC browser 12.11.2.1184 (day 14)

Recently I joined the Android Security & Malware Telegram group. It is a very cool channel that talks about security, privacy, malware on Google Play, bugs, vulnerabilities, data leaks, bug bounty hunting, security tips & tutorials, tools, hacks, ethical hacking, penetration testing, forensics, etc. While I was scrolling through its content, I stumbled upon a post from andmp about a vulnerability in the URL address bar of UC Browser that allows a hacker to launch a phishing website.

Cause: "browsers are trying to enhance the User Experience by just displaying the search term for certain URL patterns" & "bad regex check"

POC: www.google.com.attacker.domain/?q=www.facebook.com

I tried to deliver the POC, BUT I think it's not quite what I expected. LET ME EXPLAIN.

I tested the POC using adb to save time rather than having to type that long URL.

~# adb shell input text www.google.com.blogspot.com/?q=facebook.com...
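The quoted cause ("displaying the search term for certain URL patterns" plus a "bad regex check") can be shown from the defender's side. This is an added example, not code from the original post or from UC Browser: the regex, the host allowlist, the `/search` path and the function names are assumptions made for illustration.

```javascript
// Added illustration: when may an address bar show the search term instead of
// the URL? Pattern, allowlist and function names are hypothetical, not UC Browser's.

// Weak check: the trusted host is matched as a string prefix with no boundary
// after it, so a longer hostname that merely starts with it also passes.
const WEAK_PATTERN = /^(?:https?:\/\/)?www\.google\.com.*[?&]q=([^&#]+)/;

function weakDisplay(input) {
  const m = WEAK_PATTERN.exec(input);
  return m ? decodeURIComponent(m[1]) : input;
}

// Hardened check: parse the URL first, then compare the complete hostname
// against an exact allowlist before hiding the URL from the user.
const TRUSTED_SEARCH_HOSTS = new Set(["www.google.com"]); // assumed allowlist

function safeDisplay(input) {
  let url;
  try {
    // Bare input such as "www.example.com/..." gets a scheme so it parses.
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input);
    url = new URL(hasScheme ? input : "https://" + input);
  } catch {
    return input; // unparseable: show exactly what was typed
  }
  const term = url.searchParams.get("q");
  const trusted =
    url.protocol === "https:" &&
    TRUSTED_SEARCH_HOSTS.has(url.hostname) && // exact match, not a prefix
    url.pathname === "/search";               // assumed search endpoint path
  return trusted && term ? term : input;      // otherwise keep the full URL visible
}

// Constructed sample inputs: a genuine search URL and the pattern from the post.
const GENUINE = "https://www.google.com/search?q=android";
const LOOKALIKE = "www.google.com.attacker.domain/?q=www.facebook.com";

console.log(weakDisplay(GENUINE), "|", safeDisplay(GENUINE));
console.log(weakDisplay(LOOKALIKE), "|", safeDisplay(LOOKALIKE));
```

With the weak pattern the lookalike host is collapsed to the query value, while the hardened check leaves the full URL on screen so the real hostname stays visible.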