Xiaomi Execute Arbitrary JavaScript

Description

Step to Reproduce

  • Create malware_frame.html file with following content
  • Create poc.html file with following content
  • Run local server localhost:8080
  • In browser, open the following url http://localhost:8080/poc.html
  • The JavaScript from malware_frame.html executed immediately after Readmode ON

Vulnerability Disclosure

--

--

--

Cyber Security Researcher/Analyst

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

MobX 4: Better, simpler, faster, smaller

ZIYI SHI — Assignments (due 9/15)

Use ngFor with trackBy to improve performance in Angular applications

Why I will not be speaking at ReactiveConf

Architect a large scale Vue.js Application

23 Tools To Make Your Life As A Developer A Lot Easier

A RESTful Guide to APIs

Sleeping fox

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Neilmark Ochea

Neilmark Ochea

Cyber Security Researcher/Analyst

More from Medium

XSS Discovery and Exploitation With BurpSuite

XSS through base64 encoded JSON

Weapons in my quiver: Tools and extension I use in bounties

IDOR EXPLAINED!