Friday December 25th

Friday December 18th

Thursday December 3rd

Tuesday December 1st

Monday November 16th

Sunday November 15th

Friday November 6th

Tuesday November 3rd

Wednesday October 14th

1 Kicks

Mercury Browser for Android RCE Redux

In my previous post about this browser, I have already covered how you can abuse the insecure parsing of the Intent URI scheme into invoking the private WiFi Manager feature. I also described how you can exploit a path traversal vulnerability in the custom web server used by the WiFi Manager feature, in order to arbitrarily read files from the browser's data directory. Now we are going to cover how to achieve a fatality over the Mercury Browser for Android by gaining code execution.


Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading InfoSecKicks...
brought to you by the Kicks Network