There is a Same Origin Policy bypass / Universal Cross-Site Scripting issue in Samsung Internet Browser (tested on the latest version, 6.2.01.12). First of all, combining MHTML and XSLT results in a weird interaction. When you create an empty iframe via MHTML, give it a normal header, and combine MHTML with XSLT, the browser renders them and mistakenly treats the content as if its origin were that of a pre-instantiated empty iframe.

For the PoC and details, please contact me via the following email address: proof131072@gmail.com.

Regards, James
Saturday, 23 December 2017
Samsung Internet Browser SOP Bypass/UXSS
Samsung Internet Browser 7.2.10.33