Description: This video demonstrates the vulnerability that can be exploited due to a cross site scripting in webview's JavaScript bridges. This vulnerability allows an attacker to run system commands using Java's reflection mechanism. The vulnerability lies in the fact that JavaScript can access Java objects using the bridge and this allows an attacker to execute system commands on a rooted as well as non-rooted phone.
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.