CVE-2017-17692
Published: 2017-12-21
Priority P2 · 70 · high · CVSS 3.0: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 78.84% (99.5th percentile)
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | internet_browser | — | — |
Detection & IOCs (extracted from sources)
- Look for POST requests containing a JSON body with the keys 'user' and 'pass' sent back to the attacker-controlled server. This is the credential exfiltration step of the exploit.
- Detect JavaScript use of window.open() followed by a cross-origin innerHTML rewrite targeting a child tab. This is the core SOP bypass mechanism for this CVE.
- Flag x.prompt() calls on a cross-origin window object. The exploit uses 'x.prompt()' on the opened child tab to harvest credentials across origins.
- The TARGET_URL (the origin being spoofed) is fully configurable by the attacker; the default is http://example.com/ but any URL can be substituted, so origin-based allowlisting is insufficient for detection.
- The HTML lure content displayed to the victim is fully attacker-customizable via CUSTOM_HTML, meaning static content-based signatures will have low fidelity.
- The injected JavaScript payload is also fully replaceable via the CUSTOM_JS advanced option, allowing attackers to swap out the default credential-harvesting logic entirely.
- The credential exfiltration uses a 3000ms setTimeout delay before executing the phishing prompt, which may affect timing-based behavioral detection rules.
CVSS provenance
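| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |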
No detection rules found.
Exploit-DB
Samsung Internet Browser - SOP Bypass (Metasploit)
exploitdb·2017-12-20
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Samsung Internet Browser SOP Bypass',
'Description' => %q(
This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the
Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices.
By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather
credentials via a fake pop-up.
),
'License' => MSF_LICENSE,
'Author' => [
'Dhiraj Mishra', # Original discovery, disclosure
'Tod Beardsley', # Metasploit module
'Jeffrey Martin' # Metasploit module
],
'References' => [
[ 'CVE', '2017-17692' ],
['URL', 'htt
Metasploit
Samsung Internet Browser SOP Bypass
metasploit
This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html
- https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb
- https://www.exploit-db.com/exploits/43376/