Xiaomi Execute Arbitrary JavaScript

Description

Steps to Reproduce

  • Create a malware_frame.html file with the following content
  • Create a poc.html file with the following content
  • Run a local server at localhost:8080
  • In the browser, open the following URL: http://localhost:8080/poc.html
  • The JavaScript from malware_frame.html is executed immediately after Readmode is turned ON

Vulnerability Disclosure


Cyber Security Researcher/Analyst

Neilmark Ochea
