There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser (tested on latest version - 6.2.01.12). First of all, using the combination of MHTML and XSLT ends up resulting in a weird interaction. When you create an empty Iframe via MHTML and give a normal header and combine MHTML with XSLT,
the browser renders them and confuse as its origin is from a pre-instantiated empty iframe. For the PoC and details please contact me via following email address: proof131072@gmail.com. Regards, James
Saturday, 23 December 2017
Samsung Internet Browser SOP Bypass/UXSS
Sunday, 3 December 2017
Subscribe to:
Posts (Atom)