{"uuid": "7a8fe5f6-6e00-49a4-b405-c29e9565f89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4313", "content": "RCE on Xiaomi 13 Pro (CVE-2023-26324)\n\ud83d\udc49Exploitation:\n1) Open URL in WebView\n2) Inject JavaScript\n3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload\n4) Get shell\n\n\ud83d\udc49Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf", "creation_timestamp": "2024-08-21T09:55:52.000000Z"}