安卓微信、QQ自带浏览器 UXSS 漏洞 - 知道创宇
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 9bf87ef5-2f3c-4ca7-9344-5fdcde97ced4 |
| Fingerprint | 7cd40827ff1e11a4 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 29, 2016, midnight |
| Added to db | Jan. 18, 2023, 7:34 p.m. |
| Last updated | Dec. 18, 2024, 11:28 p.m. |
| Headline | 安卓微信、QQ自带浏览器 UXSS 漏洞 |
| Title | 安卓微信、QQ自带浏览器 UXSS 漏洞 - 知道创宇 |
| Detected Hints/Tags/Attributes | 2/0/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.knownsec.com/2016/02/android-weixin-qq-uxss/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | knownsec.com |
|
| Details | Domain | 100 | qq.com |
|
| Details | Domain | 4 | security.tencent.com |
|
| Details | 1 | hei@knownsec.com |
||
| Details | File | 1 | poc.htm |
|
| Details | File | 1 | 当安卓手机用户使用微信或qq访问poc.htm |
|
| Details | File | 1 | 而浏览器解析的javascript代码则按当前的document.url |
|
| Details | File | 1 | 测试poc.htm |
|
| Details | File | 1 | 结合flash的crossdomain.xml |
|
| Details | IPv4 | 212 | 1.1.1.1 |
|
| Details | Url | 1 | http://1.1.1.1..qq.com |
|
| Details | Url | 1 | http://1.1.1.1/..qq.com |
|
| Details | Url | 1 | http://security.tencent.com |