POC详情: 5dd02639c8c8b3cb766ea0adc289f411c3f6d5a2

来源
https://github.com/Edwins907/xiaomi-cve-2024-45352
关联漏洞
标题: Xiaomi SmartHome APP 安全漏洞 (CVE-2024-45352)
描述:Xiaomi SmartHome APP是中国小米(Xiaomi)公司的一款管理小米智能家居产品的应用。 Xiaomi SmartHome APP存在安全漏洞,该漏洞源于输入验证不当,可能导致代码执行。
描述
Reporte técnico sobre vulnerabilidad crítica de Xiaomi
介绍
# xiaomi-cve-2024-45352
Reporte técnico sobre vulnerabilidad crítica de Xiaomi 
Vulnerability Summary
A vulnerability was discovered in Xiaomi's default browser (com.android.browser) on various MIUI devices. The app fails to properly validate intents passed via `startActivity`, allowing malicious apps to open arbitrary URLs or perform unintended actions.

- **CVE ID**: CVE-2024-45352
- **Component**
- :com.android.browser
- **Severity**: Medium
- **Status**: Reported to Xiaomi (awaiting confirmation)
- **Date Found**: [24 de abril del 2008]

## 🔥 Proof of Concept (PoC)

1. Create a simple malicious app with the following intent:
```java
Intent intent = new Intent();
intent.setComponent(new ComponentName("com.android.browser", "com.android.browser.BrowserActivity"));
intent.setData(Uri.parse("http://malicious.com"));
startActivity(intent);
文件快照

 [4.0K]  /data/pocs/5dd02639c8c8b3cb766ea0adc289f411c3f6d5a2
├── [  30]  CVE-2024-45352-Reporte-Tecnico.pdf
├── [1.0K]  LICENSE
└── [ 856]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。