CVE-2011-2357

Android 2.3.4 and 3.1 - Cross-Application Scripting via Browser URL Loading

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2357. PoCs published by Roee Hay.

AI-analyzed exploit summary This exploit leverages a vulnerability in Android's browser sandbox to execute arbitrary JavaScript in the context of an arbitrary domain. It uses an Intent to launch the browser with a target URL, then injects JavaScript after a delay to bypass the sandbox.

Description

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roee Hay · javaremotemultiple

https://www.exploit-db.com/exploits/36006

View Code ZIP pw:eip

This exploit leverages a vulnerability in Android's browser sandbox to execute arbitrary JavaScript in the context of an arbitrary domain. It uses an Intent to launch the browser with a target URL, then injects JavaScript after a delay to bypass the sandbox.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Android 2.3.4 and 3.1 (and potentially prior versions)

No auth needed

Prerequisites: Victim must open the malicious application · Target domain must be accessible

MITRE ATT&CK