Mercury Browser for Android RCE Redux

Overview In my previous post about this browser, I have already covered how you can abuse the insecure parsing of the Intent URI scheme into invoking the private WiFi Manager feature. I also described how you can exploit a path traversal vulnerability in the custom web server used by the…

Remote Code Execution in Dolphin Browser for Android

Update The PoC is located here: https://www.youtube.com/watch?v=hhpP1rYn_B0 A patch was released on August 27, 2015, update now! Overview An attacker with the ability to control the network traffic for users of the Dolphin Browser for Android, can modify the functionality of downloading and…