CVE-2012-6636

This Metasploit module exploits a privilege escalation vulnerability in Android < 4.2's WebView component by injecting malicious JavaScript to execute arbitrary commands via exposed Java Reflection APIs. It targets vulnerable Android browsers or WebViews with added JavaScript interfaces.

This repository contains a proof-of-concept exploit for CVE-2013-4710, demonstrating how JavaScript in a WebView can execute arbitrary commands on Android devices via reflection. The exploit leverages the `addJavascriptInterface` method to gain RCE by accessing the `Runtime` class.

This PoC demonstrates CVE-2012-6636, an Android WebView vulnerability where JavaScript can access exposed Java objects via addJavascriptInterface. The demo loads a local HTML file and enables JavaScript interaction with the injected object.

This Metasploit module exploits a privilege escalation vulnerability in Android < 4.2's WebView component by leveraging the addJavascriptInterface method to execute arbitrary commands via Java Reflection APIs. It serves an exploit payload to vulnerable clients, supporting multiple architectures (ARM, MIPS, x86).