From 371f23b265fca55e30246e41f075ba92e5e1fc67 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Thu, 13 Feb 2014 14:19:59 -0600
Subject: [PATCH] Unbreak the URL refs add nmonkee as ref and author

While @nmonkee didn't actually contribute to #2942, he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.

Also added a ref to @nmonkee's thing.

@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
---
 .../android/browser/webview_addjavascriptinterface.rb  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb
index c5ffe5cfde..ae8892f6db 100644
--- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb
+++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb
@@ -49,15 +49,15 @@ class Metasploit3 < Msf::Exploit::Remote
       'License'     => MSF_LICENSE,
       'Author'      => [
         'jduck', # original msf module
-        'joev'   # static server
+        'joev',   # static server
+        'nmonkee' # a python exploit written well ahead of this, see https://twitter.com/HenryHoggard/status/431412814687645696
       ],
       'References'     => [
-        ['URL', 'http://blog.trustlook.com/2013/09/04/alert-android-webview-'+
-                'addjavascriptinterface-code-execution-vulnerability/'],
+        ['URL', 'http://blog.trustlook.com/2013/09/04/alert-android-webview-addjavascriptinterface-code-execution-vulnerability/'],
         ['URL', 'https://labs.mwrinfosecurity.com/blog/2012/04/23/adventures-with-android-webviews/'],
         ['URL', 'http://50.56.33.56/blog/?p=314'],
-        ['URL', 'https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-'+
-                'addjavascriptinterface-remote-code-execution/']
+        ['URL', 'https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/'],
+        ['URL', 'https://github.com/mwrlabs/drozer/blob/bcadf5c3fd08c4becf84ed34302a41d7b5e9db63/src/drozer/modules/exploit/mitm/addJavaScriptInterface.py']
       ],
       'Platform'       => 'linux',
       'Arch'           => ARCH_ARMLE,