ARM Exploit Exercises

Overview A while ago, a compiled all of the stack exercises from the Exploit Exercises Protostar series and dumped them on Github. I like to practice exploitation on ARM a lot, because architecture wise it is where I spend most of my time. After running through all of the Protostar…

Exploiting the Mercury Browser for Android

Overview The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the…

Remote Code Execution in Dolphin Browser for Android

Update The PoC is located here: https://www.youtube.com/watch?v=hhpP1rYn_B0 A patch was released on August 27, 2015, update now! Overview An attacker with the ability to control the network traffic for users of the Dolphin Browser for Android, can modify the functionality of downloading and…