CVE-2017-17692 PoC — Samsung Internet Browser 安全漏洞

Source

https://github.com/specloli/CVE-2017-17692

Associated Vulnerability

Title:Samsung Internet Browser 安全漏洞 (CVE-2017-17692)
Description:Samsung Internet Browser是韩国三星（Samsung）公司开发的一款Web浏览器产品。 Samsung Internet Browser 5.4.02.3版本中存在安全漏洞。远程攻击者可借助特制的JavaScript代码利用该漏洞绕过同源策略，获取敏感的信息。

Readme

# CVE-2017-17692

### Exploit Title: SOP Bypass
### Date: 06 Septmber 2017
### Software Link: https://play.google.com/store/apps/details?id=com.sec.android.app.sbrowser&hl=en
### Exploit Author: Dhiraj Mishra
### Contact: http://twitter.com/mishradhiraj_
### Website: http://datarift.blogspot.in/
### Category:  Browser

Video PoC: https://youtu.be/x8f-tQaZriQ

## DEMO https://lr3800.github.io/CVE-2017-17692/Demo.html

2. Samsung reply

Dear Dhiraj,

 

We would like to thank you for sharing a potential security issue for Samsung mobile device.

We looked into the issue and found that the issue was already patched.

The patch is already preloaded in our upcoming model Galaxy Note8, and the application will be updated via Apps store update in October.

Thank you very much in advance for your cooperation.

 

Very Respectfully,
Samsung Mobile Security

File Snapshot


 [4.0K]  /data/pocs/125fecc2c75b537f9b7dde297cdb4714ff0c535a
├── [9.5K]  Demo.html
└── [ 860]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!