Description:
This video shows the possibility of stealing files from the SD card (Android) within a site vulnerable to XSS. The vulnerability has been discovered by Thomas Cannon (
http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/) and can be integrated in
XSSF modules. This video comes in order to introduce new XSSF update including new functionality and bug fixes:
* Better Metasploit exploits management (XSSF now process all kind of requests and not only GET/POST)
* XSSF Tunnel now supporting binary data (Images, PDFs, ...)
* Some bug fixed (XSSF launching with given URI, log size limited to 255,, ...)
* New functionalities for the XSSF plugin (remove victim(s), clean victim(s))
* Etc. (Details will be given on MSF Redmine when new version will be uploaded)
Tags: XSS (Cross-Site Scripting), XSSF, Metasploit, Android
Thanks goes out to Ludovic Courgnaud (CONIX Security) for uploading this video to ST!
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: